VYPR
Unrated severity · NVD Advisory · Published Mar 28, 2025 · Updated Feb 26, 2026

CVE-2025-24385

Description

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity versions 5.4 and prior contain an OS command injection vulnerability allowing low-privileged local attackers to execute arbitrary commands and gain elevated privileges.

Vulnerability

Dell Unity, UnityVSA, and Unity XT versions 5.4 and prior are affected by an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. This flaw allows a low-privileged attacker with local access to inject arbitrary OS commands into vulnerable inputs [1].

Exploitation

The attacker requires local access with low privileges. By crafting malicious input that includes OS command separators or special characters, the attacker can execute arbitrary commands on the underlying system. No user interaction beyond initial access is required [1].

Impact

Successful exploitation leads to arbitrary code execution and elevation of privileges, potentially granting the attacker full administrative control over the affected Dell Unity system. This can result in complete compromise of confidentiality, integrity, and availability [1].

Mitigation

Dell has released a security update (DSA-2025-116) to address this vulnerability. Users are advised to apply the update and run the latest available version. No workarounds have been documented. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

References

1
