Platform: other
Component: cloudlink
Fixed in: 8.1.1
CVE-2025-46364 describes a critical CLI Escape vulnerability affecting Dell CloudLink versions up to and including 8.1.1. This flaw allows a privileged user possessing a known password to escalate privileges and gain control of the system. Dell has released version 8.1.1 to address this issue, and immediate patching is recommended.
The impact of CVE-2025-46364 is severe. Successful exploitation allows an attacker, already possessing privileged credentials, to execute arbitrary commands on the affected Dell CloudLink system. This could lead to complete system compromise, including data exfiltration, modification of system configurations, and installation of malicious software. The ability to gain full system control represents a significant security risk, potentially impacting the confidentiality, integrity, and availability of data and services managed by CloudLink. The vulnerability's reliance on a known password suggests that insider threats or compromised credentials are a primary attack vector.
CVE-2025-46364 was published on 2025-11-05. The vulnerability's severity is CRITICAL (CVSS 9.1). There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept code is currently unavailable, but the nature of the vulnerability suggests it could be relatively easy to exploit once a suitable exploit is developed.
Organizations utilizing Dell CloudLink for device management and automation are at risk, particularly those with legacy configurations or weak password policies. Shared hosting environments where multiple users have privileged access to CloudLink instances are also at increased risk. Any deployment relying on default or easily guessable passwords for privileged CloudLink accounts is vulnerable.
disclosure
Exploit status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-46364 is to upgrade Dell CloudLink to version 8.1.1 or later. If immediate patching is not feasible, consider implementing stricter password policies and multi-factor authentication to limit the impact of compromised credentials. Review CloudLink access logs for suspicious activity and implement network segmentation to restrict access to CloudLink systems. While a direct workaround is unavailable, regularly auditing user privileges and enforcing the principle of least privilege can reduce the attack surface. After upgrading, confirm the fix by attempting to execute commands with a privileged user account and verifying that the CLI escape is no longer possible.
Update Dell CloudLink to version 8.1.1 or later. This update fixes the CLI escape vulnerability, which allows privileged users to gain control of the system. Further details and update instructions are available in Dell's security advisory.
CVE-2025-46364 is a critical vulnerability in Dell CloudLink versions 8.1.1 and earlier, allowing a privileged user with a known password to gain complete control of the system through a CLI escape.
If you are using Dell CloudLink version 8.1.1 or earlier, you are potentially affected by this vulnerability. Check your current version and upgrade immediately.
The recommended fix is to upgrade Dell CloudLink to version 8.1.1 or later. If immediate upgrade is not possible, implement stricter password policies and enhanced authentication.
While no public exploits are currently known, the ease of exploitation makes active exploitation a possibility. Monitor your systems closely.
Refer to the official Dell Security Advisory for CVE-2025-46364 on the Dell Support website for detailed information and updates.