CVE-2025-22472

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of commands with elevated privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities	Vendor Advisory
https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::
	cpe:2.3:o:dell:smartfabric_os10::::::::

History

14 Jul 2025, 20:30

Type	Values Removed	Values Added
CPE		cpe:2.3:o:dell:smartfabric_os10::::::::
First Time		Dell smartfabric Os10 Dell
Summary		(es) Dell SmartFabric OS10 Software, versiones 10.5.4.x, 10.5.5.x, 10.5.6.x y 10.6.0.x, contiene una vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando (inyección de comandos). Un atacante con privilegios bajos y acceso local podría explotar esta vulnerabilidad, lo que provocaría la ejecución de comandos con privilegios elevados.
References	~~() https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000289970/dsa-2025-070-security-update-for-dell-networking-os10-vulnerabilities - Vendor Advisory
References	~~() https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000293638/dsa-2025-069-security-update-for-dell-networking-os10-vulnerabilities - Vendor Advisory
References	~~() https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000294091/dsa-2025-079-security-update-for-dell-networking-os10-vulnerabilities - Vendor Advisory
References	~~() https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000295014/dsa-2025-068-security-update-for-dell-networking-os10-vulnerabilities - Vendor Advisory

17 Mar 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-17 18:15

Updated : 2025-07-14 20:30

NVD link : CVE-2025-22472

Mitre link : CVE-2025-22472

CVE.ORG link : CVE-2025-22472

JSON object : View

Products Affected

dell

smartfabric_os10

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

7.8 /10