OS Command Injection Vulnerability in Dell Unity by Dell
CVE-2025-24382

7.3HIGH

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 28 March 2025

Summary

Dell Unity versions up to 5.4 include a vulnerability that allows an unauthenticated remote attacker to execute unauthorized commands through improper handling of special elements in OS commands. This flaw can be exploited if an attacker gains remote access, potentially compromising the system's integrity and functionality.

Affected Version(s)

Unity < 5.5.0.0.5.259

References

https://www.dell.com/support/kbdoc/en-us/000300090/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Jan 21, 2025

Credit

Dell would like to thank prowser for reporting these issues.