CVE-2025-24383

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.

CVSS

No CVSS.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

History

08 Jul 2025, 16:33

Type	Values Removed	Values Added
References	~~() https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory
First Time		Dell Dell unity Operating Environment
CPE		cpe:2.3:a:dell:unity_operating_environment::::::::

28 Mar 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-28 02:15

Updated : 2025-07-08 16:33

NVD link : CVE-2025-24383

Mitre link : CVE-2025-24383

JSON object : View

Products Affected

dell

unity_operating_environment

CWE

No CWE.

JSON object

Attach tags to CVE-2025-24383

Attach tags to `CVE-2025-24383`