CVE-2025-24382

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVSS

No CVSS.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

History

08 Jul 2025, 16:33

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory
First Time		Dell Dell unity Operating Environment
CPE		cpe:2.3:a:dell:unity_operating_environment::::::::

28 Mar 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-28 02:15

Updated : 2025-07-08 16:33

NVD link : CVE-2025-24382

Mitre link : CVE-2025-24382

JSON object : View

Products Affected

dell

unity_operating_environment

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

JSON object

Attach tags to CVE-2025-24382

Attach tags to `CVE-2025-24382`