Skip to main content

Pro Smart Dock Sd25 Firmware CVE-2025-36573

| EUVDEUVD-2025-18198 HIGH
Insertion of Sensitive Information into Log File (CWE-532)
2025-06-12 security_alert@emc.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:39 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
01.00.08.01
EUVD ID Assigned
Mar 14, 2026 - 21:20 euvd
EUVD-2025-18198
Analysis Generated
Mar 14, 2026 - 21:20 vuln.today
CVE Published
Jun 12, 2025 - 16:15 nvd
HIGH 7.1

DescriptionCVE.org

Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.

AnalysisAI

Dell Smart Dock Firmware versions prior to 01.00.08.01 contain an insertion of sensitive information into log file vulnerability (CWE-532) that allows local attackers without privileges to read confidential data through log file access. This is a moderate-to-high severity information disclosure issue (CVSS 7.1) affecting physical/local access scenarios; while not remotely exploitable, the lack of privilege requirements and cross-system scope impact make this a meaningful risk for shared device environments.

Technical ContextAI

This vulnerability represents a classic CWE-532 (Insertion of Sensitive Information into Log File) flaw where the Dell Smart Dock firmware improperly logs sensitive data (credentials, tokens, configuration details, or PII) in plaintext or insufficiently protected log files. The Smart Dock is a USB-C/Thunderbolt docking station that centralizes connectivity for laptops and desktops. The root cause stems from inadequate data classification during logging operations—developers failed to sanitize or exclude sensitive information before writing to persistent logs. The CVSS vector (AV:L/AC:L/PR:N/UI:N) indicates this requires local file system access but no special privileges, meaning any user account on the dock's management interface or connected system could retrieve logs. The S:C (Scope Changed) rating indicates confidentiality impact extends beyond the vulnerable component to connected systems.

RemediationAI

Immediate action: Update Dell Smart Dock firmware to version 01.00.08.01 or later. Patch availability: Dell has released firmware version 01.00.08.01 as the fixed version; users should download from Dell's support portal or use Dell's automatic firmware update mechanism (if available) via the docking station management software. Interim mitigations pending patching: (1) Restrict physical/USB access to Smart Dock devices to trusted users only; (2) Disable or secure access to firmware management interfaces if exposed to untrusted local networks; (3) Review existing dock logs for evidence of exposed sensitive data (credentials, API keys, PII) and rotate credentials if compromised; (4) Implement file-level access controls on dock configuration/log storage to prevent unprivileged log access; (5) Segregate dock management traffic on isolated network segments if remote management is enabled. Monitor Dell security advisories for official patch links and compatibility notes.

Share

CVE-2025-36573 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy