CVE-2025-22398
Published: 28 March 2025
Summary
CVE-2025-22398 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
Dell Unity versions 5.4 and prior are affected by an OS command injection vulnerability tracked as CVE-2025-22398 and CWE-78. The flaw stems from improper neutralization of special elements in operating system commands and carries a CVSS 3.1 base score of 9.8.
An unauthenticated attacker with remote network access can exploit the issue to execute arbitrary commands as root, resulting in full operating-system compromise and potential system takeover.
Dell security advisory DSA-2025-116 advises customers to apply the available security updates for Dell Unity, UnityVSA, and Unity XT at the earliest opportunity.
The EPSS score rose from a low baseline to a peak of 0.0159 on 2026-02-03 before receding, indicating that exploitation interest emerged after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8535
Vulnerability details
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.…
more
Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection (CWE-78) in remotely accessible Dell Unity storage system enables unauthenticated remote code execution as root, directly mapping to exploitation of public-facing application (T1190) and Unix Shell command execution (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires identifying, reporting, and correcting the OS command injection flaw via timely upgrades as recommended by Dell for affected Unity systems.
Mandates validation of all relevant information inputs to neutralize special elements and comprehensively prevent OS command injection exploitation.
Facilitates scanning for and rapid remediation of critical vulnerabilities like CVE-2025-22398 in Dell Unity storage systems.