Improper Neutralization Vulnerability in Dell Unity by Dell
CVE-2025-24383

9.1CRITICAL

Key Information:

Vendor: Dell
Status: Unity
Vendor: CVE Published:; 28 March 2025

Summary

Dell Unity versions 5.4 and earlier exhibit a vulnerability that allows improper neutralization of special elements within OS commands. This flaw may be exploited by a low-privileged attacker with local access to execute arbitrary commands and escalate privileges, potentially compromising the system's integrity. Users of Dell Unity are advised to review the associated security guidance and apply necessary updates to mitigate risks.

Affected Version(s)

Unity < 5.5.0.0.5.259

References

https://www.dell.com/support/kbdoc/en-us/000300090/dsa-20...

vendor-advisory

EPSS Score

22% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Jan 21, 2025

Credit

Dell would like to thank xiaohei from Ubisectech Sirius Team for reporting these issues.