Cyber Resilience

CVE-2025-24383

Critical · RCE

Published: 28 March 2025

Modified: 08 July 2025
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0246 (85.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24383 is a critical-severity OS Command Injection (CWE-78) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).

Deeper analysis

Dell Unity versions 5.4 and prior contain an OS command injection vulnerability tracked as CVE-2025-24383 and classified as CWE-78. The flaw carries a CVSS 3.1 score of 9.1 and stems from improper neutralization of special elements in operating-system commands, enabling manipulation of file-system operations with root privileges.

An unauthenticated attacker with remote network access can exploit the issue to delete arbitrary files on the affected storage system, including critical system files that could lead to denial of service or further compromise.

Dell security advisory DSA-2025-116 addresses the vulnerability and explicitly recommends that customers upgrade Dell Unity, UnityVSA, and Unity XT systems at the earliest opportunity.

The associated EPSS score rose from a low baseline to a peak of 0.1182 on 2026-02-03 before receding to its current value of 0.0246, indicating a period of increased exploitation interest after public disclosure.

Vulnerability details

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

T1485 Data Destruction (Impact)
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

Why these techniques?

OS command injection in the public-facing Dell Unity storage system enables remote unauthenticated exploitation (T1190), arbitrary command execution via a Unix shell (T1059.004), and targeted file deletion for data destruction (T1485).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24382 · Same product: Dell Unity Operating Environment
CVE-2025-22398 · Same product: Dell Unity Operating Environment
CVE-2024-49601 · Same product: Dell Unity Operating Environment
CVE-2025-23383 · Same product: Dell Unity Operating Environment
CVE-2026-22277 · Same product: Dell Unity Operating Environment
CVE-2025-24380 · Same product: Dell Unity Operating Environment
CVE-2025-24386 · Same product: Dell Unity Operating Environment
CVE-2024-49564 · Same product: Dell Unity Operating Environment
CVE-2025-36604 · Same product: Dell Unity Operating Environment
CVE-2025-24379 · Same product: Dell Unity Operating Environment

Affected Assets

Vendor: dell · Product: unity operating environment · Versions: ≤ 5.5.0.0.5.259

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Timely flaw remediation through vendor-recommended upgrades directly eliminates the OS command injection vulnerability, preventing arbitrary root-level file deletion.

Prevent: Information input validation neutralizes special elements in inputs to OS commands, directly blocking command injection exploits.

Prevent: Restricts permitted actions without identification or authentication, limiting unauthenticated remote access to capabilities exploitable for file deletion.
