CVE-2025-26331
Published: 07 March 2025
Summary
CVE-2025-26331 is a high-severity Command Injection (CWE-77) vulnerability in Dell ThinOS. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). It is ranked at the 41.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 directly prevents command injection by requiring validation of inputs to neutralize special elements before command execution.
SI-2 mitigates the vulnerability by identifying, patching, and remediating the specific command injection flaw in Dell ThinOS.
AC-6 limits the impact of arbitrary code execution by enforcing least privilege on local accounts, so that a low-privileged local attacker gains as little as possible from a successful exploit.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The command injection vulnerability enables a low-privileged local attacker to execute arbitrary code via a Unix shell, which in turn facilitates privilege escalation.
NVD Description
Dell ThinOS 2411 and prior contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Deeper analysis
CVE-2025-26331 is an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability, classified under CWE-77, affecting Dell ThinOS versions 2411 and prior. Published on 2025-03-07, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.
A low-privileged attacker with local access can exploit this vulnerability to achieve arbitrary code execution. The attack requires local access and low privileges but no user interaction, and the scope is unchanged (S:U), meaning the impact is confined to the vulnerable component itself.
Dell Security Advisory DSA-2025-107 at https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 and INCIBE-CERT early alert at https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-26331 provide further details on the vulnerability and mitigation steps.
Details
- CWE(s)