CVE-2025-43728
CRITICALDescription
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | thinos |
| dell | latitude_3330 |
| dell | latitude_3420 |
| dell | latitude_3440 |
| dell | latitude_3450 |
| dell | latitude_5440 |
| dell | latitude_5450 |
| dell | latitude_5520 |
| dell | latitude_5530 |
| dell | latitude_5540 |
| dell | latitude_5550 |
| dell | optiplex_3000_tc |
| dell | optiplex_5400_all-in-one |
| dell | optiplex_7020 |
| dell | optiplex_all-in-one_7410 |
| dell | optiplex_all-in-one_7420 |
| dell | optiplex_micro_plus_7010 |
| dell | precision_3260_compact |
| dell | precision_3280 |
| dell | pro_14_pc14250 |
| dell | pro_16_pc16250 |
| dell | pro_16_plus_pb16250 |
| dell | pro_24_all-in-one |
| dell | pro_max_14 |
| dell | pro_max_16_plus |
| dell | pro_rugged_13_ra13250 |
| dell | pro_rugged_14_rb14250 |
| dell | pro_slim_low_sff |
| dell | pro_tower_qct1250 |
| dell | wyse_5070_extended_thin_client |
| dell | wyse_5070_thin_client |
| dell | wyse_5470_all-in-one_thin_client |
| dell | wyse_5470_mtc |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-43728? +
How severe is CVE-2025-43728? +
What products are affected by CVE-2025-43728? +
How do I check if I'm vulnerable to CVE-2025-43728? +
Related Vulnerabilities
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security …
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to …
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not …
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.
Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS …
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. …