Cyber Resilience

CVE-2025-24382

High

Published: 28 March 2025

Published
28 March 2025
Modified
08 July 2025
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0113 78.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24382 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Dell Unity versions 5.4 and prior are affected by an OS command injection vulnerability tracked as CVE-2025-24382 and CWE-78. The flaw stems from improper neutralization of special elements in operating system commands and carries a CVSS 3.1 score of 7.3 reflecting network attack vector, low complexity, and no required authentication or user interaction.

An unauthenticated remote attacker can supply crafted input that results in arbitrary command execution on the affected storage system, potentially allowing limited impacts to confidentiality, integrity, and availability.

Dell has published security update DSA-2025-116 that addresses this issue along with other vulnerabilities in Dell Unity, Dell UnityVSA, and Dell Unity XT products; administrators should apply the vendor patch according to the guidance in the referenced knowledge-base article.

The associated EPSS score rose from a low baseline to a recorded peak of 0.0297, indicating emerging exploitation interest after disclosure.

EU & UK References

Vulnerability details

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection (CWE-78) in network-accessible Dell Unity management interface enables remote unauthenticated arbitrary command execution, directly mapping to exploitation of public-facing applications (T1190) and Unix shell command execution (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22398Same product: Dell Unity Operating Environment
CVE-2025-24383Same product: Dell Unity Operating Environment
CVE-2024-49601Same product: Dell Unity Operating Environment
CVE-2025-23383Same product: Dell Unity Operating Environment
CVE-2026-22277Same product: Dell Unity Operating Environment
CVE-2025-24380Same product: Dell Unity Operating Environment
CVE-2025-24386Same product: Dell Unity Operating Environment
CVE-2024-49564Same product: Dell Unity Operating Environment
CVE-2025-36604Same product: Dell Unity Operating Environment
CVE-2025-24379Same product: Dell Unity Operating Environment

Affected Assets

dell
unity operating environment
≤ 5.5.0.0.5.259

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 mandates validation of information inputs, directly preventing OS command injection by neutralizing special elements used in commands.

prevent

SI-2 requires timely identification and remediation of flaws, such as applying Dell's patch for this specific command injection vulnerability.

preventdetect

SC-7 enforces boundary protection at external interfaces, limiting remote network access exploited by unauthenticated attackers for command injection.

References