Cyber Posture

CVE-2025-30479

High

Published: 05 November 2025

Published
05 November 2025
Modified
07 November 2025
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0029 52.0th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30479 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell Cloudlink. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 48.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Command and Scripting Interpreter (T1059) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates command injection (CWE-78) by requiring validation of all inputs to the system, preventing arbitrary command execution even by privileged users.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and remediation of flaws like this command injection vulnerability via patching to version 8.2 or later as advised by Dell.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to restrict high-privilege (PR:H) access, limiting the ability of users to reach or exploit the vulnerable component on adjacent networks.

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

Command injection vulnerability directly enables arbitrary command execution (T1059) via exploitation of a remote service (T1210) by a privileged adjacent-network user.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.

Deeper analysisAI

CVE-2025-30479 is a command injection vulnerability (CWE-78) affecting Dell CloudLink in versions prior to 8.2. It allows a privileged user with a known password to execute arbitrary commands, potentially leading to full system compromise. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for complete confidentiality, integrity, and availability impacts with changed scope.

An attacker requires high privileges (PR:H) and must be on an adjacent network (AV:A) with low attack complexity and no user interaction needed. If the attacker's password is known, they can exploit the vulnerability to inject and run commands, achieving high-level control over the affected system, including unauthorized access to sensitive data, modification of system files, and disruption of services.

Dell's security advisory DSA-2025-374, detailed at https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities, addresses this and other vulnerabilities in Dell CloudLink with a security update to version 8.2 or later, recommending immediate patching for affected systems.

Details

CWE(s)
CWE-78

Affected Products

dell
cloudlink
≤ 8.2

CVEs Like This One

CVE-2025-45379Same product: Dell Cloudlink
CVE-2025-45378Same product: Dell Cloudlink
CVE-2025-36604Same vendor: Dell
CVE-2025-24377Same vendor: Dell
CVE-2026-22277Same vendor: Dell
CVE-2025-23383Same vendor: Dell
CVE-2025-24378Same vendor: Dell
CVE-2024-49601Same vendor: Dell
CVE-2025-24386Same vendor: Dell
CVE-2026-23774Same vendor: Dell

References