Cyber Resilience

CVE-2025-26331

High

Published: 07 March 2025

Published
07 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0019 41.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26331 is a high-severity Command Injection (CWE-77) vulnerability in Dell Thinos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 41.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-26331 is an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability, classified under CWE-77, affecting Dell ThinOS versions 2411 and prior. Published on 2025-03-07, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

A low-privileged attacker with local access can exploit this vulnerability to achieve arbitrary code execution. The attack requires local access and low privileges but no user interaction, with effects confined to the local scope.

Dell Security Advisory DSA-2025-107 at https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 and INCIBE-CERT early alert at https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-26331 provide further details on the vulnerability and mitigation steps.

EU & UK References

Vulnerability details

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Command injection vulnerability enables local low-privileged arbitrary code execution via Unix shell and facilitates privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27688Same product: Dell Latitude 3420
CVE-2025-22473Same vendor: Dell
CVE-2025-22472Same vendor: Dell
CVE-2026-23862Same product: Dell Thinos
CVE-2026-22284Same vendor: Dell
CVE-2024-48830Same vendor: Dell
CVE-2026-23778Same vendor: Dell
CVE-2025-46428Same vendor: Dell
CVE-2025-23383Same vendor: Dell
CVE-2026-22277Same vendor: Dell

Affected Assets

dell
thinos
≤ 2411

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly prevents command injection by requiring validation of inputs to neutralize special elements before command execution.

prevent

SI-2 mitigates the vulnerability by identifying, patching, and remediating the specific command injection flaw in Dell ThinOS.

prevent

AC-6 limits the impact of arbitrary code execution by enforcing least privilege on the low-privileged local attacker.

References