Cloudlink
CVE-2025-45378
CRITICAL
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system.
If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password.
AnalysisAI
Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. Affected products include: Dell Cloudlink. Version information: through 8.1.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. Rated critical severity
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. Rated critical severity (CVSS
Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulner
CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. Rated high sever
CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions Vulnerability in Clus
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. Rated high severity (CVSS 7
Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. Rated medium severity (CVSS 6.
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnera
Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerabilit
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel p
Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticat
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today