VYPR
Unrated severity · NVD Advisory · Published Mar 28, 2025 · Updated Feb 26, 2026

CVE-2025-22398

Description

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An OS command injection vulnerability in Dell Unity versions 5.4 and prior allows unauthenticated remote attackers to execute arbitrary commands as root, leading to full system compromise.

Vulnerability

CVE-2025-22398 is an OS command injection vulnerability in Dell Unity, Dell UnityVSA, and Dell Unity XT storage systems running version 5.4 and prior. The issue stems from improper neutralization of special elements used in an OS command, allowing an attacker to inject arbitrary commands through a vulnerable endpoint. No authentication is required to reach the vulnerable code path.

Exploitation

An unauthenticated attacker with network access to the affected Dell Unity system can exploit this vulnerability by sending specially crafted requests to the vulnerable functionality. The attacker does not need any prior credentials or user interaction. The injection occurs in a context that executes commands with root privileges.

Impact

Successful exploitation grants the attacker arbitrary command execution as root on the underlying operating system. This can lead to complete compromise of the storage system, including unauthorized access to all data, modification or deletion of files, installation of persistent backdoors, and potential lateral movement within the network.

Mitigation

Dell has released a security update as part of DSA-2025-116 [1] to address this vulnerability. Customers are advised to upgrade to a fixed version of Dell Unity software as soon as possible. No workarounds are currently available. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
