A critical vulnerability (CVE-2025-24383) has been identified in Dell Unity operating environments, allowing unauthenticated attackers to execute arbitrary OS commands and delete system files remotely. The flaw, rated 9.1 (CRITICAL) on the CVSS scale, affects versions 5.4 and earlier of Dell Unity OE. Dell has released patches and urges immediate action due to the potential for complete system compromise.
TL;DR Key Points
- CVE-2025-24383: OS Command Injection (CWE-78) in Dell Unity OE ≤5.4
- Impact: Remote, unauthenticated attackers can delete files as root
- Severity: CVSS 9.1 (CRITICAL)
- Affected Products: Unity All Flash/Hybrid, UnityVSA, Unity XT
- Fix: Upgrade to Dell Unity OE 5.5.0.0.5.259+
Technical Analysis
The vulnerability stems from improper neutralization of special elements in OS commands (CWE-78), a common flaw in systems that construct commands using untrusted input. Attackers can exploit this without authentication by sending crafted requests to vulnerable Dell Unity interfaces. Successful exploitation allows:
- Arbitrary file deletion with root privileges
- Potential command execution leading to full system control
- Disruption of storage operations in enterprise environments
Dell’s advisory notes the vulnerability was initially misclassified as a local privilege escalation (CVSS 7.8) before being updated to reflect its remote exploitation potential^1.
Affected Systems and Patch Information
The following Dell Unity products are confirmed vulnerable:
| Product Line | Vulnerable Versions |
|---|---|
| Unity All Flash | ≤5.4 |
| Unity Hybrid | ≤5.4 |
| UnityVSA | ≤5.4 |
| Unity XT | ≤5.4 |
The fixed version (5.5.0.0.5.259) is available via Dell’s security advisory DSA-2025-116^2. Administrators should prioritize patching due to:
- No known workarounds
- Public exposure of vulnerable systems
- Critical nature of storage infrastructure
Related Vulnerabilities
This vulnerability shares characteristics with other recent Dell Unity flaws:
| CVE | CVSS | Description |
|---|---|---|
| CVE-2025-22398 | 9.8 | Remote root command execution |
| CVE-2025-24381 | 8.8 | Open redirect vulnerability |
| CVE-2025-24386 | 7.8 | Local privilege escalation |
Detection and Mitigation
Organizations should:
- Inventory all Dell Unity systems and verify versions
- Apply patches immediately following Dell’s guidelines^2
- Monitor for:
- Unexpected file deletions in system directories
- Unusual command execution patterns
- Authentication bypass attempts
- Restrict network access to management interfaces
Conclusion
CVE-2025-24383 represents a severe threat to organizations using vulnerable Dell Unity systems. The combination of remote exploitability, high privileges, and lack of authentication requirements makes this vulnerability particularly dangerous. Immediate patching is strongly recommended to prevent potential system compromises.
References
[1]: “[Dell Security Advisory DSA-2025-116](https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116)”. [Accessed March 28, 2025].
[2]: “[NVD Entry for CVE-2025-24383](https://nvd.nist.gov/vuln/detail/CVE-2025-24383)”. [Accessed March 28, 2025].
[3]: “[GitHub Advisory GHSA-gp7r-2vw6-9r9g](https://github.com/advisories/GHSA-gp7r-2vw6-9r9g)”. [Accessed March 28, 2025].
