Cyber Posture

CVE-2025-45379

High

Published: 05 November 2025

Published
05 November 2025
Modified
07 November 2025
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0009 25.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-45379 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell Cloudlink. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 25.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly prevents command injection vulnerability by validating and sanitizing console inputs to block arbitrary command execution.

SI-2 Flaw Remediation good match
prevent

Remediates the specific command injection flaw through timely identification, reporting, and application of the vendor security update to version 8.2.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to limit the damage from shell access obtained via command injection by privileged users, reducing potential system compromise impact.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

Command injection vulnerability in Dell CloudLink console enables exploitation of a remote service (T1210) to execute arbitrary commands and gain Unix shell access (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.

Deeper analysisAI

CVE-2025-45379 is a command injection vulnerability (CWE-78) in Dell CloudLink versions prior to 8.2. The flaw allows a privileged user with a known password to execute arbitrary commands via the console, enabling shell access to the underlying system. It carries a CVSS v3.1 base score of 8.4 (AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

Exploitation requires adjacent network access (AV:A) and possession of a privileged user's known password, with low attack complexity and no user interaction needed. A successful attack grants shell access with elevated privileges, allowing full system compromise through the changed scope (S:C), resulting in high-impact effects on the targeted system.

Dell has released a security update addressing this and other vulnerabilities in CloudLink, as detailed in DSA-2025-374. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities and upgrade affected systems to version 8.2 or later for mitigation.

Details

CWE(s)
CWE-78

Affected Products

dell
cloudlink
≤ 8.2

CVEs Like This One

CVE-2025-45378Same product: Dell Cloudlink
CVE-2025-30479Same product: Dell Cloudlink
CVE-2026-22277Same vendor: Dell
CVE-2025-23383Same vendor: Dell
CVE-2025-24378Same vendor: Dell
CVE-2025-24386Same vendor: Dell
CVE-2026-23774Same vendor: Dell
CVE-2025-24379Same vendor: Dell
CVE-2025-46645Same vendor: Dell
CVE-2024-49565Same vendor: Dell

References