CVE-2025-45378CRITICAL 9.1EPSS p22.7%

CVE-2025-45378CVE-2025-45378

Description

Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS0.31% probability of exploitation · percentile 22.7% · 2026-06-19T12:03:05Z
Published2025-11-05
Last modified2025-11-07

Underlying weaknesses· 1

CWE-78

References

  1. https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-45379
CVE
CVE-2025-43728
CVE
CVE-2025-46428
CVE
CVE-2025-26477
CVE
CVE-2025-30475
CVE
CVE-2025-32750
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.