CVE-2025-43729

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:latitude_3330:-:::::::*
	cpe:2.3:h:dell:latitude_3420:-:::::::*
	cpe:2.3:h:dell:latitude_3440:-:::::::*
	cpe:2.3:h:dell:latitude_3450:-:::::::*
	cpe:2.3:h:dell:latitude_5440:-:::::::*
	cpe:2.3:h:dell:latitude_5450:-:::::::*
	cpe:2.3:h:dell:latitude_5520:-:::::::*
	cpe:2.3:h:dell:latitude_5530:-:::::::*
	cpe:2.3:h:dell:latitude_5540:-:::::::*
	cpe:2.3:h:dell:latitude_5550:-:::::::*
	cpe:2.3:h:dell:optiplex_3000_tc:-:::::::*
	cpe:2.3:h:dell:optiplex_5400_all-in-one:-:::::::*
	cpe:2.3:h:dell:optiplex_7020:-:::::::*
	cpe:2.3:h:dell:optiplex_all-in-one_7410:-:::::::*
	cpe:2.3:h:dell:optiplex_all-in-one_7420:-:::::::*
	cpe:2.3:h:dell:optiplex_micro_plus_7010:-:::::::*
	cpe:2.3:h:dell:precision_3260_compact:-:::::::*
	cpe:2.3:h:dell:precision_3280:-:::::::*
	cpe:2.3:h:dell:pro_14_pc14250:-:::::::*
	cpe:2.3:h:dell:pro_16_pc16250:-:::::::*
	cpe:2.3:h:dell:pro_16_plus_pb16250:-:::::::*
	cpe:2.3:h:dell:pro_24_all-in-one:-:::::::*
	cpe:2.3:h:dell:pro_max_14:-:::::::*
	cpe:2.3:h:dell:pro_max_16_plus:-:::::::*
	cpe:2.3:h:dell:pro_rugged_13_ra13250:-:::::::*
	cpe:2.3:h:dell:pro_rugged_14_rb14250:-:::::::*
	cpe:2.3:h:dell:pro_slim_low_sff:-:::::::*
	cpe:2.3:h:dell:pro_tower_qct1250:-:::::::*
	cpe:2.3:h:dell:wyse_5070_extended_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_mtc:-:::::::*

History

15 Jan 2026, 15:11

Type	Values Removed	Values Added
CPE		cpe:2.3:h:dell:optiplex_5400_all-in-one:-:::::::* cpe:2.3:h:dell:pro_16_plus_pb16250:-:::::::* cpe:2.3:h:dell:optiplex_7020:-:::::::* cpe:2.3:h:dell:pro_14_pc14250:-:::::::* cpe:2.3:h:dell:pro_max_14:-:::::::* cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::* cpe:2.3:h:dell:latitude_5520:-:::::::* cpe:2.3:h:dell:pro_rugged_13_ra13250:-:::::::* cpe:2.3:h:dell:latitude_5540:-:::::::* cpe:2.3:h:dell:optiplex_3000_tc:-:::::::* cpe:2.3:h:dell:latitude_3420:-:::::::* cpe:2.3:h:dell:wyse_5070_extended_thin_client:-:::::::* cpe:2.3:h:dell:optiplex_micro_plus_7010:-:::::::* cpe:2.3:h:dell:pro_slim_low_sff:-:::::::* cpe:2.3:h:dell:latitude_3440:-:::::::* cpe:2.3:h:dell:pro_rugged_14_rb14250:-:::::::* cpe:2.3:h:dell:optiplex_all-in-one_7420:-:::::::* cpe:2.3:h:dell:latitude_5530:-:::::::* cpe:2.3:h:dell:latitude_5440:-:::::::* cpe:2.3:h:dell:precision_3280:-:::::::* cpe:2.3:h:dell:latitude_3450:-:::::::* cpe:2.3:h:dell:pro_max_16_plus:-:::::::* cpe:2.3:h:dell:optiplex_all-in-one_7410:-:::::::* cpe:2.3:h:dell:pro_16_pc16250:-:::::::* cpe:2.3:h:dell:precision_3260_compact:-:::::::* cpe:2.3:h:dell:latitude_5550:-:::::::* cpe:2.3:h:dell:pro_tower_qct1250:-:::::::* cpe:2.3:h:dell:wyse_5470_mtc:-:::::::* cpe:2.3:o:dell:thinos:::::::: cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::* cpe:2.3:h:dell:latitude_5450:-:::::::* cpe:2.3:h:dell:pro_24_all-in-one:-:::::::* cpe:2.3:h:dell:latitude_3330:-:::::::*
References	~~() https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331 -~~	() https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331 - Vendor Advisory
First Time		Dell wyse 5470 All-in-one Thin Client Dell optiplex 5400 All-in-one Dell pro Rugged 14 Rb14250 Dell latitude 5440 Dell pro Max 14 Dell optiplex Micro Plus 7010 Dell latitude 5520 Dell wyse 5070 Extended Thin Client Dell thinos Dell pro Rugged 13 Ra13250 Dell Dell pro Tower Qct1250 Dell pro Slim Low Sff Dell latitude 5550 Dell optiplex All-in-one 7420 Dell pro 16 Pc16250 Dell wyse 5470 Mtc Dell wyse 5070 Thin Client Dell optiplex 3000 Tc Dell latitude 3450 Dell latitude 3440 Dell latitude 3330 Dell precision 3260 Compact Dell pro 14 Pc14250 Dell latitude 5530 Dell optiplex All-in-one 7410 Dell pro 24 All-in-one Dell latitude 3420 Dell latitude 5450 Dell optiplex 7020 Dell pro 16 Plus Pb16250 Dell precision 3280 Dell pro Max 16 Plus Dell latitude 5540

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) Dell ThinOS 10, versiones anteriores a la 2508_10.0127, contiene una vulnerabilidad de asignación incorrecta de permisos para recursos críticos. Un atacante local con pocos privilegios podría explotar esta vulnerabilidad, lo que provocaría una elevación de privilegios y acceso no autorizado.

27 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 14:15

Updated : 2026-01-15 15:11

NVD link : CVE-2025-43729

Mitre link : CVE-2025-43729

CVE.ORG link : CVE-2025-43729

JSON object : View

Products Affected

dell

latitude_5440
pro_rugged_14_rb14250
pro_slim_low_sff
pro_16_plus_pb16250
latitude_5450
wyse_5070_extended_thin_client
pro_max_14
optiplex_3000_tc
pro_max_16_plus
pro_14_pc14250
latitude_3450
wyse_5470_all-in-one_thin_client
pro_tower_qct1250
optiplex_7020
optiplex_all-in-one_7420
pro_16_pc16250
wyse_5070_thin_client
latitude_5530
pro_24_all-in-one
optiplex_5400_all-in-one
wyse_5470_mtc
latitude_3330
latitude_5550
latitude_3420
precision_3280
optiplex_micro_plus_7010
latitude_3440
precision_3260_compact
latitude_5540
pro_rugged_13_ra13250
latitude_5520
optiplex_all-in-one_7410
thinos

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

7.8 /10