Cyber Resilience

CVE-2025-30479

High

Published: 05 November 2025

Published
05 November 2025
Modified
07 November 2025
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0024 47.7th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30479 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell Cloudlink. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 47.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-30479 is a command injection vulnerability (CWE-78) affecting Dell CloudLink in versions prior to 8.2. It allows a privileged user with a known password to execute arbitrary commands, potentially leading to full system compromise. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for complete confidentiality, integrity, and availability impacts with changed scope.

An attacker requires high privileges (PR:H) and must be on an adjacent network (AV:A) with low attack complexity and no user interaction needed. If the attacker's password is known, they can exploit the vulnerability to inject and run commands, achieving high-level control over the affected system, including unauthorized access to sensitive data, modification of system files, and disruption of services.

Dell's security advisory DSA-2025-374, detailed at https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities, addresses this and other vulnerabilities in Dell CloudLink with a security update to version 8.2 or later, recommending immediate patching for affected systems.

EU & UK References

Vulnerability details

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Command injection vulnerability directly enables arbitrary command execution (T1059) via exploitation of a remote service (T1210) by a privileged adjacent-network user.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-45379Same product: Dell Cloudlink
CVE-2025-45378Same product: Dell Cloudlink
CVE-2025-36604Same vendor: Dell
CVE-2025-24377Same vendor: Dell
CVE-2025-23383Same vendor: Dell
CVE-2026-22277Same vendor: Dell
CVE-2025-46645Same vendor: Dell
CVE-2025-24385Same vendor: Dell
CVE-2026-23774Same vendor: Dell
CVE-2025-24380Same vendor: Dell

Affected Assets

dell
cloudlink
≤ 8.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates command injection (CWE-78) by requiring validation of all inputs to the system, preventing arbitrary command execution even by privileged users.

prevent

Requires timely identification, reporting, and remediation of flaws like this command injection vulnerability via patching to version 8.2 or later as advised by Dell.

prevent

Enforces least privilege to restrict high-privilege (PR:H) access, limiting the ability of users to reach or exploit the vulnerable component on adjacent networks.

References