CVE-2025-32752 - Vulnerability Details - OpenCVE

Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Dell	Thinos

Configuration 1 [-]

cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225

History

Tue, 24 Jun 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dell Dell thinos
CPEs		cpe:2.3:o:dell:thinos::::::::
Vendors & Products		Dell Dell thinos

Thu, 12 Jun 2025 16:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L'}`	cvssV3_1 `{'score': 5.7, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}`

Thu, 29 May 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 May 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Weaknesses		CWE-312
References		https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2025-05-29T18:53:52.910Z

Updated: 2025-06-12T16:34:16.735Z

Reserved: 2025-04-10T05:03:51.740Z

Link: CVE-2025-32752

Vulnrichment

Updated: 2025-05-29T19:06:03.995Z

NVD

Status : Analyzed

Published: 2025-05-29T19:15:27.630

Modified: 2025-06-24T17:54:12.473

Link: CVE-2025-32752

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32752", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "state": "PUBLISHED", "assignerShortName": "dell", "dateReserved": "2025-04-10T05:03:51.740Z", "datePublished": "2025-05-29T18:53:52.910Z", "dateUpdated": "2025-06-12T16:34:16.735Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinOS", "vendor": "Dell", "versions": [{"lessThan": "2505", "status": "affected", "version": "N/A", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dell Technologies would like to thank Darren McDonald at AmberWolf for reporting this issue."}], "datePublic": "2025-05-29T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.<br>"}], "value": "Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2025-06-12T16:34:16.735Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-29T19:05:53.778564Z", "id": "CVE-2025-32752", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T19:06:30.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-29T19:05:53.778564Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-29T19:06:03.995Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Dell Technologies would like to thank Darren McDonald at AmberWolf for reporting this issue."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dell", "product": "ThinOS", "versions": [{"status": "affected", "version": "N/A", "lessThan": "2505", "versionType": "semver"}], "defaultStatus": "unaffected"}], "datePublic": "2025-05-29T17:00:00.000Z", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.", "supportingMedia": [{"type": "text/html", "value": "Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell", "dateUpdated": "2025-06-12T16:34:16.735Z"}}}, "cveMetadata": {"cveId": "CVE-2025-32752", "state": "PUBLISHED", "dateUpdated": "2025-06-12T16:34:16.735Z", "dateReserved": "2025-04-10T05:03:51.740Z", "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "datePublished": "2025-05-29T18:53:52.910Z", "assignerShortName": "dell"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:thinos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CCC0EBC-025C-4F60-91A7-8DCD8FDE02F8", "versionEndIncluding": "2502", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."}, {"lang": "es", "value": "Dell ThinOS 2502 y versiones anteriores presentan una vulnerabilidad de almacenamiento de informaci\u00f3n confidencial en texto sin cifrar. Un atacante con privilegios elevados y acceso f\u00edsico podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2025-32752", "lastModified": "2025-06-24T17:54:12.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.7, "source": "security_alert@emc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-29T19:15:27.630", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "security_alert@emc.com", "type": "Secondary"}]}