Cryptographic Key Vulnerability in Dell Enterprise SONiC OS
CVE-2025-38741

7.5HIGH

Key Information:

Vendor: Dell
Status: Enterprise Sonic Os
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-38741?

Dell Enterprise SONiC OS version 4.5.0 has identified a cryptographic key vulnerability associated with the SSH protocol. This issue allows for the possibility of unauthorized remote access by unauthenticated attackers, posing a significant security risk to communication systems reliant on this version. Immediate action towards mitigation is recommended for users of the affected product.

Affected Version(s)

Enterprise SONiC OS 4.5.0 < 4.5.0a

References

https://www.dell.com/support/kbdoc/en-us/000340083/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025
Vulnerability Reserved
Apr 16, 2025