Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Jul 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dell
Dell unity Operating Environment |
|
CPEs | cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:* | |
Vendors & Products |
Dell
Dell unity Operating Environment |
Fri, 28 Mar 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 28 Mar 2025 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity. | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: dell
Published: 2025-03-28T01:41:00.767Z
Updated: 2025-03-29T03:55:39.895Z
Reserved: 2025-01-06T13:40:01.387Z
Link: CVE-2025-22398

Updated: 2025-03-28T13:58:54.458Z

Status : Analyzed
Published: 2025-03-28T02:15:14.063
Modified: 2025-07-08T16:33:14.673
Link: CVE-2025-22398

No data.