Dell ThinOS vulnerabilities
9 known vulnerabilities affecting dell/thinos.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 7, MEDIUM: 1
Vulnerabilities
CVE-2025-43728 | CRITICAL | CVSS 9.8 | CWE-693 | fixed in 2508 | 2025-08-27
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
Source: NVD
CVE-2025-43882 | HIGH | CVSS 7.8 | CWE-283 | fixed in 2508 | 2025-08-27
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.
Source: NVD
CVE-2025-43729 | HIGH | CVSS 7.8 | CWE-732 | fixed in 2508 | 2025-08-27
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.
Source: NVD
CVE-2025-43730 | HIGH | CVSS 7.8 | CWE-88 | fixed in 2508 | 2025-08-27
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.
Source: NVD
CVE-2025-32752 | MEDIUM | CVSS 4.6 | CWE-312 | affected: ≤ 2502 (≥ N/A, < 2505) | 2025-05-29
Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Source: NVD
CVE-2025-27688 | HIGH | CVSS 7.8 | CWE-732 | affected: ≤ 2408 | 2025-03-18
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Source: NVD
CVE-2025-26331 | HIGH | CVSS 7.8 | CWE-77 | affected: ≤ 2411 | 2025-03-07
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
Source: NVD
CVE-2024-53289 | HIGH | CVSS 7.0 | CWE-367 | affected: v2408 | 2024-12-11
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Source: NVD
CVE-2024-53290 | HIGH | CVSS 8.4 | CWE-77 | affected: v2408 | 2024-12-11
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Source: NVD