CVE-2025-43728

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43728
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_3330:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5520:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5530:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5540:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5550:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_tc:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7020:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_all-in-one_7410:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_all-in-one_7420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_micro_plus_7010:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3260_compact:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:precision_3280:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_14_pc14250:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_16_pc16250:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_16_plus_pb16250:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_24_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_max_14:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_max_16_plus:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_rugged_13_ra13250:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_rugged_14_rb14250:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_slim_low_sff:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:pro_tower_qct1250:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_extended_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_mtc:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-08-27 14:15

Updated : 2026-01-15 15:12

NVD link : CVE-2025-43728

Mitre link : CVE-2025-43728

CVE.ORG link : CVE-2025-43728

JSON object : View

Products Affected

dell

  • optiplex_3000_tc
  • pro_max_16_plus
  • optiplex_all-in-one_7410
  • pro_24_all-in-one
  • wyse_5070_extended_thin_client
  • pro_tower_qct1250
  • optiplex_5400_all-in-one
  • latitude_3330
  • latitude_5550
  • wyse_5470_all-in-one_thin_client
  • latitude_5520
  • pro_16_plus_pb16250
  • optiplex_all-in-one_7420
  • thinos
  • pro_slim_low_sff
  • latitude_5440
  • optiplex_micro_plus_7010
  • pro_rugged_14_rb14250
  • latitude_3440
  • latitude_5530
  • pro_max_14
  • optiplex_7020
  • pro_rugged_13_ra13250
  • pro_16_pc16250
  • wyse_5470_mtc
  • latitude_5450
  • latitude_3420
  • precision_3260_compact
  • precision_3280
  • wyse_5070_thin_client
  • pro_14_pc14250
  • latitude_5540
  • latitude_3450
CWE
CWE-693

Protection Mechanism Failure

NVD-CWE-Other