CVE-2025-32752 – Dell ThinOS 2502 and earlier versions store sen... (How to Fix)

Q: What is the severity of CVE-2025-32752?

CVE-2025-32752 has a CVSS score of 5.7 (MEDIUM). Dell ThinOS 2502 and earlier versions store sensitive information in cleartext, allowing high-privileged attackers with physical access to read this data. This vulnerability affects organizations using Dell ThinOS thin clients in their environments, potentially exposing credentials or configuration data.

📋 TL;DR

Dell ThinOS 2502 and earlier versions store sensitive information in cleartext, allowing high-privileged attackers with physical access to read this data. This vulnerability affects organizations using Dell ThinOS thin clients in their environments, potentially exposing credentials or configuration data.

💻 Affected Systems

Products:

Dell ThinOS

Versions: 2502 and prior versions

Operating Systems: Dell ThinOS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where Dell ThinOS is used as the operating system on thin client devices.

📦 What is this software?

Thinos by Dell

View all CVEs affecting Thinos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers with physical access could extract administrative credentials, configuration secrets, or user authentication data, leading to full system compromise or lateral movement within the network.

🟠

Likely Case

Insider threats or unauthorized personnel with physical access to thin clients could read stored credentials or sensitive configuration data.

🟢

If Mitigated

With proper physical security controls and access restrictions, the risk is significantly reduced as attackers cannot gain physical access to devices.

🌐 Internet-Facing: LOW - This vulnerability requires physical access to the device, making remote exploitation unlikely.

🏢 Internal Only: MEDIUM - Internal threats with physical access to thin client devices could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires physical access to the device and high-privileged access to read cleartext storage locations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Dell advisory for specific patched versions

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-225. 2. Download and apply the latest ThinOS update from Dell support. 3. Reboot the thin client devices after patching.

🔧 Temporary Workarounds

Physical Security Controls

all

Implement strict physical access controls to prevent unauthorized personnel from accessing thin client devices.

Access Restriction

all

Limit administrative access to thin client devices to authorized personnel only.

🧯 If You Can't Patch

Implement strict physical security controls around thin client devices
Regularly audit and monitor physical access to thin client locations

🔍 How to Verify

Check if Vulnerable:

Check ThinOS version on devices - if running 2502 or earlier, the system is vulnerable.

Check Version:

Check ThinOS version through device settings or management console

Verify Fix Applied:

Verify ThinOS version has been updated to a version after 2502 as specified in Dell's advisory.

📡 Detection & Monitoring

Log Indicators:

Unauthorized physical access logs
Unexpected device access attempts

Network Indicators:

Unusual authentication patterns from thin clients

SIEM Query:

Search for physical access violations or unauthorized device access events

📊 Metadata

CVE ID: CVE-2025-32752

CVSS v3 Score: 5.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE: CWE-312

EPSS Score: 0.02% exploit probability (4th percentile)

Published: May 29, 2025

Last Updated: June 24, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000325632/dsa-2025-225 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-32752, you might also want to check these: