Improper Restriction of XML External Entity Reference in Dell CloudLink
CVE-2025-26484

5.5MEDIUM

Key Information:

Vendor: Dell
Status: ClouD-Link
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-26484?

Dell CloudLink versions 8.0 through 8.1.1 are affected by an improper restriction of XML external entity reference vulnerability. This security flaw can be exploited by an attacker with high privileges and remote access to the system. If successfully exploited, it could result in critical disruptions, including Denial of Service. Organizations using these versions should prioritize patching this vulnerability to enhance their security posture.

Affected Version(s)

CloudLink 8.0 <= 8.1.1

References

https://www.dell.com/support/kbdoc/en-us/000356343/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Feb 11, 2025

Credit

Dell would like to thank n3k From TIANGONG Team of Legendsec at QI-ANXIN Group for reporting this issue