Last update: 01/09/2025
Affected products:
- Dell – ThinOS 10
Type:
- Protection Mechanism Failure
CVE/CVSS:
- CVE-2025-43728: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
- CVE-2025-43729: CVSS 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- CVE-2025-43730: CVSS 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Dell - https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331
Newly discovered vulnerabilities in Dell ThinOS allow unauthenticated remote attackers to bypass critical security measures, potentially exposing systems to further exploitation and compromise.
Dell ThinOS is a lightweight, secure operating system widely deployed in thin client environments, often used in enterprises, to provide safe access to virtual desktops and cloud workspaces.
Successful exploitation could allow attackers to bypass security controls, gain unauthorised access, and compromise the confidentiality, integrity, and availability of business-critical systems.
CVE-2025-43728
CVE-2025-43728 results from a failure in a protection mechanism, permitting unauthenticated remote attackers to bypass security controls. Successful exploitation could lead to unauthorised system access and compromise sensitive environments.
CVE-2025-43729
CVE-2025-43729 stems from incorrect permission assignments for critical resources, allowing local, low-privileged attackers to escalate privileges and gain unauthorised access. Exploitation could compromise the confidentiality and integrity of ThinOS-based systems.
CVE-2025-43730
CVE-2025-43730 results from the improper neutralisation of argument delimiters in commands, leading to argument injection. A local, unauthenticated attacker could exploit this vulnerability to escalate privileges and access sensitive information.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.