Home

Description

Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.

PUBLISHED Reserved 2025-04-23 | Published 2025-11-05 | Updated 2025-11-06 | Assigner dell




MEDIUM: 5.3CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

Problem types

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
unaffected

Any version before 8.1.1
affected

Credits

Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue. finder

References

www.dell.com/...-cloudlink-multiple-security-vulnerabilities vendor-advisory

cve.org (CVE-2025-46365)

nvd.nist.gov (CVE-2025-46365)

Download JSON