CVE-2025-26331 — Command Injection in Dell Wyse Proprietary OS

CWE-77 — Command Injection2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 58.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Wyse Proprietary OS Dell Thinos

Timeline

PublishedMar 7

Description

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDdell/thinos2411

▶CVEListV5dell/wyse_proprietary_osN/A — ThinOS 2502

🔴Vulnerability Details

GHSA

GHSA-pppp-mqfr-xwwh: Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability↗2025-03-07

▶