DSA-2025-454: Security Update for Dell ThinOS 10 for Multiple Vulnerabilities

Table of Contents

Detailed Article

Impact

Details

Affected Products & Remediation

Revision History

Acknowledgements

Related Info

Legal Disclaimer

Affected Products

Provide Feedback

Summary: Dell ThinOS 10 remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Impact

Critical

Details

Third-party Component	CVEs	More Information
LibTIFF	CVE-2025-8176, CVE-2025-8177, CVE-2025-8851, CVE-2025-8534	https://nvd.nist.gov/vuln/search
OpenJPEG	CVE-2025-50952	https://nvd.nist.gov/vuln/search
Python	CVE-2025-8194, CVE-2025-6069	https://nvd.nist.gov/vuln/search
Kerberos	CVE-2024-26461, CVE-2024-26462, CVE-2024-26458	https://nvd.nist.gov/vuln/search
Poppler	CVE-2025-50420	https://nvd.nist.gov/vuln/search
Libxml2	CVE-2025-9714	https://nvd.nist.gov/vuln/search
electron	CVE-2024-5197, CVE-2025-6965, CVE-2023-6349, CVE-2023-44488, CVE-2024-25629, CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124	https://nvd.nist.gov/vuln/search
Citrix workspace	CVE-2022-4904, CVE-2023-32067, CVE-2020-8277	https://nvd.nist.gov/vuln/search
Imprivata PIE client	CVE-2023-25193, CVE-2024-28757, CVE-2024-45490	https://nvd.nist.gov/vuln/search
egvmagent client	CVE-2020-14152	https://nvd.nist.gov/vuln/search

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46680	Dell ThinOS 10, versions prior to ThinOS 10 2511_10.0320, contain an Improper Neutralization of Special Characters vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2025-46694	Dell ThinOS 10, versions prior to ThinOS 10 2511_10.0320, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2025-46693	Dell ThinOS 10, versions prior to ThinOS 10 2511_10.0320, contain an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2025-46680	Dell ThinOS 10, versions prior to ThinOS 10 2511_10.0320, contain an Improper Neutralization of Special Characters vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2025-46694	Dell ThinOS 10, versions prior to ThinOS 10 2511_10.0320, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2025-46693	Dell ThinOS 10, versions prior to ThinOS 10 2511_10.0320, contain an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products & Remediation

CVE ID	Product	Affected Versions	Remediated Versions	Release Date (MM/DD/YYYY)	Link
CVE-2025-8176, CVE-2025-8177, CVE-2025-8851, CVE-2025-8534, CVE-2025-50952, CVE-2025-8194, CVE-2025-6069, CVE-2024-26458, CVE-2024-26461, CVE-2024-26462,CVE-2025-50420, CVE-2025-9714, CVE-2024-5197, CVE-2025-6965, CVE-2023-6349, CVE-2023-44488, CVE-2024-25629, CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124, CVE-2025-46680, CVE-2025-46694, CVE-2025-46693	ThinOS 10	Versions prior to 2511_10.0320	Version 2511_10.0320 or later	12/5/2025	ThinOS 9.5.3102 or Later to ThinOS 10 2511 Upgrade Package \| Driver Details
CVE-2023-25193, CVE-2024-28757, CVE-2024-45490	ThinOS 10	Versions prior to Imprivata_PIE_23.3.0.715913.128_T10	Version Imprivata_PIE_23.3.0.715913.128_T10 or later	12/5/2025	ThinOS 10 2511 Imprivata Package \| Driver Details
CVE-2020-14152	ThinOS 10	Versions prior to eG_VM_Agent_7.5.2.204_T10	Version eG_VM_Agent_7.5.2.204_T10 or later	12/5/2025	ThinOS 10 2511 eG VM Agent Package \| Driver Details

CVE ID	Product	Affected Versions	Remediated Versions	Release Date (MM/DD/YYYY)	Link
CVE-2025-8176, CVE-2025-8177, CVE-2025-8851, CVE-2025-8534, CVE-2025-50952, CVE-2025-8194, CVE-2025-6069, CVE-2024-26458, CVE-2024-26461, CVE-2024-26462,CVE-2025-50420, CVE-2025-9714, CVE-2024-5197, CVE-2025-6965, CVE-2023-6349, CVE-2023-44488, CVE-2024-25629, CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124, CVE-2025-46680, CVE-2025-46694, CVE-2025-46693	ThinOS 10	Versions prior to 2511_10.0320	Version 2511_10.0320 or later	12/5/2025	ThinOS 9.5.3102 or Later to ThinOS 10 2511 Upgrade Package \| Driver Details
CVE-2023-25193, CVE-2024-28757, CVE-2024-45490	ThinOS 10	Versions prior to Imprivata_PIE_23.3.0.715913.128_T10	Version Imprivata_PIE_23.3.0.715913.128_T10 or later	12/5/2025	ThinOS 10 2511 Imprivata Package \| Driver Details
CVE-2020-14152	ThinOS 10	Versions prior to eG_VM_Agent_7.5.2.204_T10	Version eG_VM_Agent_7.5.2.204_T10 or later	12/5/2025	ThinOS 10 2511 eG VM Agent Package \| Driver Details

Revision History

Revision	Date	Description
1.0	2025-12-11	Initial Release
2.0	2025-12-11	Corrected initial release date to 2025-12-11.

Acknowledgements

CVE-2025-46680: Dell Technologies would like to thank Brandon Schreiber for reporting this issue.

Related Information

Legal Disclaimer

Affected Products

Dell Pro Max 16 Plus MB16250, Dell Pro Max 14 MC14250, Dell Pro 16 Plus PB16250, Dell Pro 14 PC14250, Dell Pro 16 PC16250, Dell Pro 24 All-in-One Plus QB24250, Dell Pro Slim Plus QBS1250, Dell Pro Slim Plus XE5 QBS1250, Dell Pro Tower Plus QBT1250 , Dell Pro Tower Plus XE5 QBT1250, Dell Pro 24 All-in-One QC24250, Dell Pro 24 All-in-One QC24251, Dell Pro Slim QCS1250, Dell Pro Tower QCT1250, Dell Pro Rugged 13 RA13250, Dell Pro Rugged 14 RB14250, Latitude 3330, Latitude 3420, Latitude 3440, Latitude 3450, Latitude 5440, Latitude 5450, Latitude 5520, Latitude 5530, Latitude 5540, Latitude 5550, OptiPlex 3000 Thin Client, OptiPlex 5400 All-In-One, OptiPlex Micro 7010, OptiPlex Micro Plus 7010, OptiPlex Micro 7020, OptiPlex Micro Plus 7020, OptiPlex All-In-One 7410, OptiPlex All-in-One Plus 7410, OptiPlex All-in-One 7420, OptiPlex All-in-One Plus 7420, Precision 3260 Compact, Precision 3280 Compact, Wyse 5070 Thin Client, Wyse 5470 All-In-One, Wyse 5470, Dell ThinOS ...

Article Number: 000400387

Article Type: Dell Security Advisory

Last Modified: 11 Dec 2025

Check if your device is covered by Support Services.

DSA-2025-454: Security Update for Dell ThinOS 10 for Multiple Vulnerabilities

Summary: Dell ThinOS 10 remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.

Impact

Details

Affected Products & Remediation

Revision History

Acknowledgements

Related Information

Legal Disclaimer

Affected Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services