Unrated severity · NVD Advisory · Published Mar 28, 2025 · Updated Feb 26, 2026

CVE-2025-24381

Description

Dell Unity, versions 5.4 and prior, contains a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity 5.4 and prior contains an open redirect vulnerability allowing unauthenticated remote attackers to redirect users to malicious sites for phishing and session theft.

Vulnerability

Dell Unity versions 5.4 and prior contain a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. The vulnerability exists in the web interface, allowing an attacker to craft a URL that redirects a user to an arbitrary external site. No authentication is required to trigger the redirect, but user interaction (clicking a link) is necessary.

Exploitation

An unauthenticated attacker with remote network access can craft a malicious link that appears to originate from a legitimate Dell Unity instance. When a targeted user clicks the link, they are redirected to an attacker-controlled website. The attacker can use this to conduct phishing attacks, tricking users into entering credentials or other sensitive information.

Impact

Successful exploitation allows the attacker to redirect users to arbitrary web URLs. This can lead to disclosure of sensitive information (e.g., credentials) and session theft if the user is authenticated to the Dell Unity system. The impact is primarily on confidentiality and integrity of user data.

Mitigation

Dell has released a security update (DSA-2025-116) to address this vulnerability. Users should upgrade to the latest fixed version as specified in the advisory [1]. No workarounds are mentioned; applying the update is the recommended mitigation.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
