CVE-2025-45378
Published: 05 November 2025
Summary
CVE-2025-45378 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dell Cloudlink. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the OS command injection flaw (CWE-78) in the Dell CloudLink restricted shell through timely patching as detailed in DSA-2025-374.
Validates inputs to the restricted shell to prevent command injection attacks that enable shell escape and privilege escalation.
Enforces least privilege on accounts to limit the scope of unauthorized access and damage following successful shell escape by a privileged user.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables OS command injection in restricted shell for privileged users, directly facilitating Unix shell access (T1059.004), privilege escalation (T1068), and exploitation of remote service (T1210).
NVD Description
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh…
more
is enabled with web credentials of server, attack is possible through network with known privileged user/password.
Deeper analysisAI
CVE-2025-45378 is a vulnerability in the restricted shell of Dell CloudLink, affecting versions 8.0 through 8.1.2. Classified under CWE-78 (OS Command Injection), it enables a privileged user with a known password to break into the command shell of the CloudLink server, gain shell access, escalate privileges, and obtain unauthorized access to the system. The issue was published on 2025-11-05 and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, high privileges required, changed scope, and high impacts on confidentiality, integrity, and availability.
Exploitation targets a privileged user account where the password is known to the attacker. If SSH is enabled with the server's web credentials, the attack can be performed remotely over the network. Upon success, the attacker achieves full command shell access, privilege escalation, and broad unauthorized control over the CloudLink server and underlying system resources.
Dell advisories detail mitigation in DSA-2025-374, a security update addressing multiple vulnerabilities in Dell CloudLink. Security practitioners should consult https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities for patch deployment instructions and additional remediation steps.
Details
- CWE(s)