CVE-2025-24383

CRITICAL

Dell Unity Operating Environment < 5.5.0.0.5.259 - Unauthenticated Arbitrary File Deletion via OS Command Injection

Title source: llm

Description

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 9.1

EPSS 0.0246

EPSS Percentile 85.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (1)

dell/unity_operating_environment < 5.5.0.0.5.259

Published Mar 28, 2025

Tracked Since Feb 18, 2026