Cyber Resilience

CVE-2025-22398

CriticalRCE

Published: 28 March 2025

Published
28 March 2025
Modified
08 July 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0034 57.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22398 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

Dell Unity versions 5.4 and prior are affected by an OS command injection vulnerability tracked as CVE-2025-22398 and CWE-78. The flaw stems from improper neutralization of special elements in operating system commands and carries a CVSS 3.1 base score of 9.8.

An unauthenticated attacker with remote network access can exploit the issue to execute arbitrary commands as root, resulting in full operating-system compromise and potential system takeover.

Dell security advisory DSA-2025-116 advises customers to apply the available security updates for Dell Unity, UnityVSA, and Unity XT at the earliest opportunity.

The EPSS score rose from a low baseline to a peak of 0.0159 on 2026-02-03 before receding, indicating that exploitation interest emerged after disclosure.

EU & UK References

Vulnerability details

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root.…

more

Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection (CWE-78) in remotely accessible Dell Unity storage system enables unauthenticated remote code execution as root, directly mapping to exploitation of public-facing application (T1190) and Unix Shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24382Same product: Dell Unity Operating Environment
CVE-2025-24383Same product: Dell Unity Operating Environment
CVE-2024-49601Same product: Dell Unity Operating Environment
CVE-2025-23383Same product: Dell Unity Operating Environment
CVE-2026-22277Same product: Dell Unity Operating Environment
CVE-2025-24380Same product: Dell Unity Operating Environment
CVE-2025-24386Same product: Dell Unity Operating Environment
CVE-2024-49564Same product: Dell Unity Operating Environment
CVE-2025-36604Same product: Dell Unity Operating Environment
CVE-2025-24379Same product: Dell Unity Operating Environment

Affected Assets

dell
unity operating environment
≤ 5.5.0.0.5.259

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identifying, reporting, and correcting the OS command injection flaw via timely upgrades as recommended by Dell for affected Unity systems.

prevent

Mandates validation of all relevant information inputs to neutralize special elements and comprehensively prevent OS command injection exploitation.

detect

Facilitates scanning for and rapid remediation of critical vulnerabilities like CVE-2025-22398 in Dell Unity storage systems.

References