DSA-2025-374: Security Update for Dell CloudLink Multiple Security Vulnerabilities
概要: Dell CloudLink remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Critical
詳細
| Third-party Component | CVEs | More Information |
| OpenSSH | CVE-2025-26465, CVE-2025-26466 | https://nvd.nist.gov/vuln/search |
|
Proprietary Code CVE(s) |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-45378 |
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. |
9.1 |
|
|
CVE-2025-30479 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. |
8.4 |
|
|
CVE-2025-45379 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. |
8.4 |
|
|
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. |
9.1 |
||
|
CVE-2025-46365 |
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. |
5.3 |
|
|
CVE-2025-46366 |
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information. |
6.7 |
|
|
CVE-2025-46424 |
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. |
6.7 |
|
Proprietary Code CVE(s) |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-45378 |
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. |
9.1 |
|
|
CVE-2025-30479 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. |
8.4 |
|
|
CVE-2025-45379 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. |
8.4 |
|
|
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. |
9.1 |
||
|
CVE-2025-46365 |
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. |
5.3 |
|
|
CVE-2025-46366 |
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information. |
6.7 |
|
|
CVE-2025-46424 |
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. |
6.7 |
影響を受ける製品と修復
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2025-26465, CVE-2025-26466, CVE-2025-30479, CVE-2025-45379, CVE-2025-46424 | Dell CloudLink | Versions prior to 8.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-45378 | Dell CloudLink | Versions 8.0 through 8.1.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-46364, CVE-2025-46365, CVE-2025-46366 | Dell CloudLink | Versions prior to 8.1.1 | Version 8.1.1 or later | CloudLink Downloads |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2025-26465, CVE-2025-26466, CVE-2025-30479, CVE-2025-45379, CVE-2025-46424 | Dell CloudLink | Versions prior to 8.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-45378 | Dell CloudLink | Versions 8.0 through 8.1.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-46364, CVE-2025-46365, CVE-2025-46366 | Dell CloudLink | Versions prior to 8.1.1 | Version 8.1.1 or later | CloudLink Downloads |
変更履歴
| Revision | Date | Description |
| 1.0 | 2025-10-29 | Initial Release |
| 2.0 | 2025-10-29 | Added Acknowledgements |
| 3.0 | 2025-11-12 | Corrected CVE-2025-46366 score |
| 4.0 | 2025-12-09 | Updated for enhanced presentation with no changes to content |
確認
CVE-2025-46365: Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.
関連情報
法的免責事項
対象製品
CloudLink SecureVM, CloudLink文書のプロパティ
文書番号: 000384363
文書の種類: Dell Security Advisory
最終更新: 09 12月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。