Vulnerability Description
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Thinos | <= 2411 |
| Dell | Latitude 3420 | - |
| Dell | Latitude 3440 | - |
| Dell | Latitude 5440 | - |
| Dell | Latitude 5450 | - |
| Dell | Optiplex 3000 Thin Client | - |
| Dell | Optiplex 5400 All-In-One | - |
| Dell | Optiplex 7410 All-In-One | - |
| Dell | Optiplex 7420 All-In-One | - |
| Dell | Wyse 5070 Thin Client | - |
| Dell | Wyse 5470 All-In-One Thin Client | - |
| Dell | Wyse 5470 Mobile Thin Client | - |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107Vendor Advisory
- https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2025-2633Third Party Advisory
FAQ
What is CVE-2025-26331?
CVE-2025-26331 is a vulnerability with a CVSS score of 7.8 (HIGH). Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially...
How severe is CVE-2025-26331?
CVE-2025-26331 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-26331?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Thinos, Dell Latitude 3420, Dell Latitude 3440, Dell Latitude 5440, Dell Latitude 5450.