VYPR
Unrated severity · NVD Advisory · Published Mar 28, 2025 · Updated Feb 26, 2026

CVE-2025-23383

Description

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity 5.4 and prior contain an OS command injection vulnerability allowing low-privileged local attackers to execute arbitrary commands and elevate privileges.

Vulnerability

Dell Unity, including UnityVSA and Unity XT, versions 5.4 and prior, are affected by an OS command injection vulnerability (CVE-2025-23383). The software fails to properly neutralize special elements used in OS commands, enabling injection of arbitrary commands. Exploitation requires local access to the system.

Exploitation

An attacker with low privileges and local access can exploit this vulnerability by crafting input that includes OS command special characters. The attacker does not need network access but must have a local shell or ability to interact with the vulnerable component. The exact attack vector is not detailed in available references, but the description confirms that command execution is achievable.

Impact

Successful exploitation allows the attacker to execute arbitrary OS commands with elevated privileges, leading to full compromise of the affected system. This results in loss of confidentiality, integrity, and availability, as the attacker can read, modify, or delete data and install persistent backdoors.

Mitigation

Dell has released a security update as part of DSA-2025-116 to address this vulnerability [1]. Users should apply the latest patches for Dell Unity, UnityVSA, and Unity XT. No workarounds are documented. Affected versions should be upgraded to a fixed release as soon as possible.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
