Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.
History

Tue, 08 Jul 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell unity Operating Environment
CPEs cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
Vendors & Products Dell
Dell unity Operating Environment

Fri, 28 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 28 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
Description Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command Vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}


Fri, 28 Mar 2025 02:00:00 +0000

Type Values Removed Values Added
Description Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command Vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published: 2025-03-28T01:24:02.790Z

Updated: 2025-03-29T03:55:27.193Z

Reserved: 2025-01-21T06:04:19.371Z

Link: CVE-2025-24383

cve-icon Vulnrichment

Updated: 2025-03-28T14:28:10.954Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-28T02:15:14.367

Modified: 2025-07-08T16:33:05.830

Link: CVE-2025-24383

cve-icon Redhat

No data.