CVE-2025-27688

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27688
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7410_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7420_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*
History

01 Jul 2025, 15:08

Type Values Removed Values Added
First Time Dell thinos
Dell optiplex 5400 All-in-one
Dell latitude 5450
Dell latitude 3440
Dell latitude 5440
Dell latitude 3420
Dell optiplex 3000 Thin Client
Dell
Dell optiplex 7410 All-in-one
Dell wyse 5070 Thin Client
Dell optiplex 7420 All-in-one
Dell wyse 5470 All-in-one Thin Client
Dell wyse 5470 Mobile Thin Client
CPE cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5450:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_3000_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_5400_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_all-in-one_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5470_mobile_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:wyse_5070_thin_client:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7420_all-in-one:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_3440:-:*:*:*:*:*:*:*
cpe:2.3:h:dell:latitude_5440:-:*:*:*:*:*:*:*
cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*
cpe:2.3:h:dell:optiplex_7410_all-in-one:-:*:*:*:*:*:*:*
References () https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 - () https://www.dell.com/support/kbdoc/en-us/000289886/dsa-2025-107 - Vendor Advisory
Summary
  • (es) Dell ThinOS 2408 y versiones anteriores presentan una vulnerabilidad de permisos inadecuados. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que conllevaría una elevación de privilegios.

18 Mar 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-18 16:15

Updated : 2025-07-01 15:08

NVD link : CVE-2025-27688

Mitre link : CVE-2025-27688

CVE.ORG link : CVE-2025-27688

JSON object : View

Products Affected

dell

  • wyse_5470_all-in-one_thin_client
  • wyse_5470_mobile_thin_client
  • optiplex_5400_all-in-one
  • optiplex_3000_thin_client
  • latitude_5440
  • optiplex_7410_all-in-one
  • latitude_5450
  • latitude_3440
  • latitude_3420
  • thinos
  • wyse_5070_thin_client
  • optiplex_7420_all-in-one
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource