CVE-2025-43728
Published: 27 August 2025
Summary
CVE-2025-43728 is a critical-severity Protection Mechanism Failure (CWE-693) vulnerability in Dell Thinos. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 47.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-43728 is a Protection Mechanism Failure vulnerability (CWE-693) in Dell ThinOS 10, affecting versions prior to 2508_10.0127. This flaw enables an unauthenticated attacker with remote access to bypass protection mechanisms, as detailed in the CVE description published on 2025-08-27.
The vulnerability has a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating exploitation over the network with low attack complexity, no required privileges, and user interaction. An unauthenticated remote attacker could leverage this to achieve high impacts on confidentiality, integrity, and availability, including full system compromise due to the changed scope.
Dell advisory DSA-2025-331, available at https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331, addresses the issue, with remediation in ThinOS 10 version 2508_10.0127 and later. Security practitioners should apply this update to vulnerable systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25881
Vulnerability details
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated bypass of protection mechanisms in Dell ThinOS enables exploitation of a public-facing application or service, leading to full system compromise.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely flaw remediation including patching Dell ThinOS to version 2508_10.0127, directly eliminating the protection mechanism bypass vulnerability.
Mandates a tamper-proof reference monitor to enforce access control policies, comprehensively countering protection mechanism failures like this CVE.
Ensures monitoring and response to vendor advisories such as Dell DSA-2025-331, enabling proactive mitigation of this specific vulnerability.