CVE-2025-43730

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:latitude_3330:-:::::::*
	cpe:2.3:h:dell:latitude_3420:-:::::::*
	cpe:2.3:h:dell:latitude_3440:-:::::::*
	cpe:2.3:h:dell:latitude_3450:-:::::::*
	cpe:2.3:h:dell:latitude_5440:-:::::::*
	cpe:2.3:h:dell:latitude_5450:-:::::::*
	cpe:2.3:h:dell:latitude_5520:-:::::::*
	cpe:2.3:h:dell:latitude_5530:-:::::::*
	cpe:2.3:h:dell:latitude_5540:-:::::::*
	cpe:2.3:h:dell:latitude_5550:-:::::::*
	cpe:2.3:h:dell:optiplex_3000_tc:-:::::::*
	cpe:2.3:h:dell:optiplex_5400_all-in-one:-:::::::*
	cpe:2.3:h:dell:optiplex_7020:-:::::::*
	cpe:2.3:h:dell:optiplex_all-in-one_7410:-:::::::*
	cpe:2.3:h:dell:optiplex_all-in-one_7420:-:::::::*
	cpe:2.3:h:dell:optiplex_micro_plus_7010:-:::::::*
	cpe:2.3:h:dell:precision_3260_compact:-:::::::*
	cpe:2.3:h:dell:precision_3280:-:::::::*
	cpe:2.3:h:dell:pro_14_pc14250:-:::::::*
	cpe:2.3:h:dell:pro_16_pc16250:-:::::::*
	cpe:2.3:h:dell:pro_16_plus_pb16250:-:::::::*
	cpe:2.3:h:dell:pro_24_all-in-one:-:::::::*
	cpe:2.3:h:dell:pro_max_14:-:::::::*
	cpe:2.3:h:dell:pro_max_16_plus:-:::::::*
	cpe:2.3:h:dell:pro_rugged_13_ra13250:-:::::::*
	cpe:2.3:h:dell:pro_rugged_14_rb14250:-:::::::*
	cpe:2.3:h:dell:pro_slim_low_sff:-:::::::*
	cpe:2.3:h:dell:pro_tower_qct1250:-:::::::*
	cpe:2.3:h:dell:wyse_5070_extended_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::*
	cpe:2.3:h:dell:wyse_5470_mtc:-:::::::*

History

15 Jan 2026, 14:59

Type	Values Removed	Values Added
First Time		Dell wyse 5470 All-in-one Thin Client Dell optiplex 5400 All-in-one Dell pro Rugged 14 Rb14250 Dell latitude 5440 Dell pro Max 14 Dell optiplex Micro Plus 7010 Dell latitude 5520 Dell wyse 5070 Extended Thin Client Dell thinos Dell pro Rugged 13 Ra13250 Dell Dell pro Tower Qct1250 Dell pro Slim Low Sff Dell latitude 5550 Dell optiplex All-in-one 7420 Dell pro 16 Pc16250 Dell wyse 5470 Mtc Dell wyse 5070 Thin Client Dell optiplex 3000 Tc Dell latitude 3450 Dell latitude 3440 Dell latitude 3330 Dell precision 3260 Compact Dell pro 14 Pc14250 Dell latitude 5530 Dell optiplex All-in-one 7410 Dell pro 24 All-in-one Dell latitude 3420 Dell latitude 5450 Dell optiplex 7020 Dell pro 16 Plus Pb16250 Dell precision 3280 Dell pro Max 16 Plus Dell latitude 5540
References	~~() https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331 -~~	() https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331 - Vendor Advisory
CPE		cpe:2.3:h:dell:optiplex_5400_all-in-one:-:::::::* cpe:2.3:h:dell:pro_16_plus_pb16250:-:::::::* cpe:2.3:h:dell:optiplex_7020:-:::::::* cpe:2.3:h:dell:pro_14_pc14250:-:::::::* cpe:2.3:h:dell:pro_max_14:-:::::::* cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:::::::* cpe:2.3:h:dell:latitude_5520:-:::::::* cpe:2.3:h:dell:pro_rugged_13_ra13250:-:::::::* cpe:2.3:h:dell:latitude_5540:-:::::::* cpe:2.3:h:dell:optiplex_3000_tc:-:::::::* cpe:2.3:h:dell:latitude_3420:-:::::::* cpe:2.3:h:dell:wyse_5070_extended_thin_client:-:::::::* cpe:2.3:h:dell:optiplex_micro_plus_7010:-:::::::* cpe:2.3:h:dell:pro_slim_low_sff:-:::::::* cpe:2.3:h:dell:latitude_3440:-:::::::* cpe:2.3:h:dell:pro_rugged_14_rb14250:-:::::::* cpe:2.3:h:dell:optiplex_all-in-one_7420:-:::::::* cpe:2.3:h:dell:latitude_5530:-:::::::* cpe:2.3:h:dell:latitude_5440:-:::::::* cpe:2.3:h:dell:precision_3280:-:::::::* cpe:2.3:h:dell:latitude_3450:-:::::::* cpe:2.3:h:dell:pro_max_16_plus:-:::::::* cpe:2.3:h:dell:optiplex_all-in-one_7410:-:::::::* cpe:2.3:h:dell:pro_16_pc16250:-:::::::* cpe:2.3:h:dell:precision_3260_compact:-:::::::* cpe:2.3:h:dell:latitude_5550:-:::::::* cpe:2.3:h:dell:pro_tower_qct1250:-:::::::* cpe:2.3:h:dell:wyse_5470_mtc:-:::::::* cpe:2.3:o:dell:thinos:::::::: cpe:2.3:h:dell:wyse_5070_thin_client:-:::::::* cpe:2.3:h:dell:latitude_5450:-:::::::* cpe:2.3:h:dell:pro_24_all-in-one:-:::::::* cpe:2.3:h:dell:latitude_3330:-:::::::*

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) Dell ThinOS 10, versiones anteriores a la 2508_10.0127, contiene una vulnerabilidad de neutralización incorrecta de delimitadores de argumentos en un comando (inyección de argumentos). Un usuario local no autenticado podría explotar esta vulnerabilidad, lo que podría provocar la elevación de privilegios y la divulgación de información.

27 Aug 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 14:15

Updated : 2026-01-15 14:59

NVD link : CVE-2025-43730

Mitre link : CVE-2025-43730

CVE.ORG link : CVE-2025-43730

JSON object : View

Products Affected

dell

latitude_5440
pro_rugged_14_rb14250
pro_slim_low_sff
pro_16_plus_pb16250
latitude_5450
wyse_5070_extended_thin_client
pro_max_14
optiplex_3000_tc
pro_max_16_plus
pro_14_pc14250
latitude_3450
wyse_5470_all-in-one_thin_client
pro_tower_qct1250
optiplex_7020
optiplex_all-in-one_7420
pro_16_pc16250
wyse_5070_thin_client
latitude_5530
pro_24_all-in-one
optiplex_5400_all-in-one
wyse_5470_mtc
latitude_3330
latitude_5550
latitude_3420
precision_3280
optiplex_micro_plus_7010
latitude_3440
precision_3260_compact
latitude_5540
pro_rugged_13_ra13250
latitude_5520
optiplex_all-in-one_7410
thinos

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

8.4 /10