CVE-2025-43882

HIGH
Published Aug 27, 2025 Modified Jan 15, 2026 CWE-283

Description

Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-283 CWE-283

Affected Products

Vendor Product
dell thinos
dell latitude_3330
dell latitude_3420
dell latitude_3440
dell latitude_3450
dell latitude_5440
dell latitude_5450
dell latitude_5520
dell latitude_5530
dell latitude_5540
dell latitude_5550
dell optiplex_3000_tc
dell optiplex_5400_all-in-one
dell optiplex_7020
dell optiplex_all-in-one_7410
dell optiplex_all-in-one_7420
dell optiplex_micro_plus_7010
dell precision_3260_compact
dell precision_3280
dell pro_14_pc14250
dell pro_16_pc16250
dell pro_16_plus_pb16250
dell pro_24_all-in-one
dell pro_max_14
dell pro_max_16_plus
dell pro_rugged_13_ra13250
dell pro_rugged_14_rb14250
dell pro_slim_low_sff
dell pro_tower_qct1250
dell wyse_5070_extended_thin_client
dell wyse_5070_thin_client
dell wyse_5470_all-in-one_thin_client
dell wyse_5470_mtc

References

Frequently Asked Questions

What is CVE-2025-43882? +
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access. It has a CVSS v3.1 base score of 7.8 (HIGH).
How severe is CVE-2025-43882? +
CVE-2025-43882 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-43882? +
CVE-2025-43882 affects products from dell, specifically: latitude_3330, latitude_3420, latitude_3440, latitude_3450, latitude_5440, latitude_5450, latitude_5520, latitude_5530, latitude_5540, latitude_5550, optiplex_3000_tc, optiplex_5400_all-in-one, optiplex_7020, optiplex_all-in-one_7410, optiplex_all-in-one_7420, optiplex_micro_plus_7010, precision_3260_compact, precision_3280, pro_14_pc14250, pro_16_pc16250, pro_16_plus_pb16250, pro_24_all-in-one, pro_max_14, pro_max_16_plus, pro_rugged_13_ra13250, pro_rugged_14_rb14250, pro_slim_low_sff, pro_tower_qct1250, thinos, wyse_5070_extended_thin_client, wyse_5070_thin_client, wyse_5470_all-in-one_thin_client, wyse_5470_mtc. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-43882? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-27903 9.8

OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to …
CVE-2025-47940 7.2

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 …
CVE-2026-44562 6.5

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint …
CVE-2024-1853 5.5

Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys …
CVE-2025-9822 5.5

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally …
CVE-2025-1007 5.3

In OpenVSX version v0.9.0 to v0.20.0, the /user/namespace/{namespace}/details API allows a user to edit all namespace details, even if the …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-43882 — free, no signup required.

Start Free Scan