CVE-2025-46428 – Dell SmartFabric OS10 Software contains a comma... (How to Fix)

Q: What is the severity of CVE-2025-46428?

CVE-2025-46428 has a CVSS score of 8.8 (HIGH). Dell SmartFabric OS10 Software contains a command injection vulnerability that allows low-privileged remote attackers to execute arbitrary code on affected switches. This affects all versions prior to 10.6.1.0. Organizations using Dell networking equipment with OS10 are vulnerable to potential network compromise.

📋 TL;DR

Dell SmartFabric OS10 Software contains a command injection vulnerability that allows low-privileged remote attackers to execute arbitrary code on affected switches. This affects all versions prior to 10.6.1.0. Organizations using Dell networking equipment with OS10 are vulnerable to potential network compromise.

💻 Affected Systems

Products:

Dell SmartFabric OS10 Software

Versions: All versions prior to 10.6.1.0

Operating Systems: OS10

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Dell networking switches running OS10 software. Requires attacker to have low-privileged remote access to the management interface.

📦 What is this software?

Smartfabric Os10 by Dell

View all CVEs affecting Smartfabric Os10 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete network compromise with attacker gaining full control of switches, enabling lateral movement, data exfiltration, and disruption of critical network services.

🟠

Likely Case

Attacker gains control of network switches to intercept traffic, modify configurations, and potentially pivot to other systems on the network.

🟢

If Mitigated

Limited impact due to network segmentation and proper access controls preventing low-privileged remote access to management interfaces.

🌐 Internet-Facing: HIGH if management interfaces are exposed to internet, as remote exploitation is possible with low privileges.

🏢 Internal Only: HIGH as internal attackers or compromised systems could exploit this to gain network control and pivot to other assets.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires low-privileged credentials but command injection vulnerabilities are typically straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.6.1.0 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000391062/dsa-2025-407-security-update-for-dell-networking-os10-vulnerabilities

Restart Required: Yes

Instructions:

1. Download OS10 version 10.6.1.0 or later from Dell support portal. 2. Backup current configuration. 3. Apply the update following Dell's upgrade procedures. 4. Reboot the switch. 5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit access to OS10 management interfaces to trusted networks and IP addresses only

configure terminal
management access-list standard ACL_NAME
permit ip TRUSTED_NETWORK any
deny ip any any
management access-group ACL_NAME in

Implement Strong Authentication

all

Enforce multi-factor authentication and strong password policies for all management accounts

configure terminal
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local

🧯 If You Can't Patch

Isolate affected switches in dedicated VLANs with strict access controls
Implement network monitoring and anomaly detection for management interface traffic

🔍 How to Verify

Check if Vulnerable:

Check OS10 version with 'show version' command. If version is below 10.6.1.0, system is vulnerable.

Check Version:

show version | include OS10

Verify Fix Applied:

Run 'show version' command and verify version is 10.6.1.0 or higher. Test management interface functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns in system logs
Multiple failed authentication attempts followed by successful login
Configuration changes from unexpected sources

Network Indicators:

Unusual outbound connections from management interfaces
Traffic patterns inconsistent with normal administrative activities
Multiple connection attempts to management ports

SIEM Query:

source="dell_os10" AND (event_type="command_execution" AND command="*;*" OR command="*|*" OR command="*`*")

📊 Metadata

CVE ID: CVE-2025-46428

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

EPSS Score: 0.15% exploit probability (35.8th percentile)

Published: November 12, 2025

Last Updated: November 17, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000391062/dsa-2025-407-security-update-for-dell-networking-os10-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-46428, you might also want to check these: