CVE-2025-43730
HIGHDescription
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.
Is your site exposed to CVE-2025-43730?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| dell | thinos |
| dell | latitude_3330 |
| dell | latitude_3420 |
| dell | latitude_3440 |
| dell | latitude_3450 |
| dell | latitude_5440 |
| dell | latitude_5450 |
| dell | latitude_5520 |
| dell | latitude_5530 |
| dell | latitude_5540 |
| dell | latitude_5550 |
| dell | optiplex_3000_tc |
| dell | optiplex_5400_all-in-one |
| dell | optiplex_7020 |
| dell | optiplex_all-in-one_7410 |
| dell | optiplex_all-in-one_7420 |
| dell | optiplex_micro_plus_7010 |
| dell | precision_3260_compact |
| dell | precision_3280 |
| dell | pro_14_pc14250 |
| dell | pro_16_pc16250 |
| dell | pro_16_plus_pb16250 |
| dell | pro_24_all-in-one |
| dell | pro_max_14 |
| dell | pro_max_16_plus |
| dell | pro_rugged_13_ra13250 |
| dell | pro_rugged_14_rb14250 |
| dell | pro_slim_low_sff |
| dell | pro_tower_qct1250 |
| dell | wyse_5070_extended_thin_client |
| dell | wyse_5070_thin_client |
| dell | wyse_5470_all-in-one_thin_client |
| dell | wyse_5470_mtc |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-43730? +
How severe is CVE-2025-43730? +
What products are affected by CVE-2025-43730? +
How do I check if I'm vulnerable to CVE-2025-43730? +
Related Vulnerabilities
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A …
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows …
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations …
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects …
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command …
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a …