Command Injection Vulnerability in Dell CloudLink
CVE-2025-46365

5.3MEDIUM

Key Information:

Vendor: Dell
Status: ClouD-Link
Vendor: CVE Published:; 5 November 2025

What is CVE-2025-46365?

Dell CloudLink versions before 8.1.1 are susceptible to a command injection vulnerability that can be exploited by an authenticated attacker. This flaw allows attackers to execute arbitrary commands on the affected Dell CloudLink instances, posing a significant risk to system integrity and confidentiality. Users are advised to apply available security updates to mitigate potential threats.

Affected Version(s)

CloudLink < 8.1.1

References

https://www.dell.com/support/kbdoc/en-us/000384363/dsa-20...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2025
Vulnerability Reserved
Apr 23, 2025

Credit

Dell would like to thank zzcentury from Ubisectech Sirius Team for reporting this issue.

JSON