DSA-2025-374: Security Update for Dell CloudLink Multiple Security Vulnerabilities
摘要: Dell CloudLink remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Critical
详情
| Third-party Component | CVEs | More Information |
| OpenSSH | CVE-2025-26465, CVE-2025-26466 | https://nvd.nist.gov/vuln/search |
|
Proprietary Code CVE(s) |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-45378 |
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. |
9.1 |
|
|
CVE-2025-30479 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. |
8.4 |
|
|
CVE-2025-45379 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. |
8.4 |
|
|
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. |
9.1 |
||
|
CVE-2025-46365 |
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. |
5.3 |
|
|
CVE-2025-46366 |
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information. |
6.7 |
|
|
CVE-2025-46424 |
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. |
6.7 |
|
Proprietary Code CVE(s) |
Description |
CVSS Base Score |
CVSS Vector String |
|
CVE-2025-45378 |
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. |
9.1 |
|
|
CVE-2025-30479 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. |
8.4 |
|
|
CVE-2025-45379 |
Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. |
8.4 |
|
|
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. |
9.1 |
||
|
CVE-2025-46365 |
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. |
5.3 |
|
|
CVE-2025-46366 |
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information. |
6.7 |
|
|
CVE-2025-46424 |
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. |
6.7 |
受影响的产品和补救措施
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2025-26465, CVE-2025-26466, CVE-2025-30479, CVE-2025-45379, CVE-2025-46424 | Dell CloudLink | Versions prior to 8.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-45378 | Dell CloudLink | Versions 8.0 through 8.1.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-46364, CVE-2025-46365, CVE-2025-46366 | Dell CloudLink | Versions prior to 8.1.1 | Version 8.1.1 or later | CloudLink Downloads |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2025-26465, CVE-2025-26466, CVE-2025-30479, CVE-2025-45379, CVE-2025-46424 | Dell CloudLink | Versions prior to 8.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-45378 | Dell CloudLink | Versions 8.0 through 8.1.2 | Version 8.2 or later | CloudLink Downloads |
| CVE-2025-46364, CVE-2025-46365, CVE-2025-46366 | Dell CloudLink | Versions prior to 8.1.1 | Version 8.1.1 or later | CloudLink Downloads |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2025-10-29 | Initial Release |
| 2.0 | 2025-10-29 | Added Acknowledgements |
| 3.0 | 2025-11-12 | Corrected CVE-2025-46366 score |
| 4.0 | 2025-12-09 | Updated for enhanced presentation with no changes to content |
确认
CVE-2025-46365: Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.
相关信息
法律免责声明
受影响的产品
CloudLink SecureVM, CloudLink文章属性
文章编号: 000384363
文章类型: Dell Security Advisory
上次修改时间: 09 12月 2025
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。