CVE-2025-24386
Description
Dell Unity versions 5.4 and prior contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to command execution and elevation of privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OS command injection in Dell Unity 5.4 and prior allows low-privileged local attackers to execute commands and elevate privileges.
Vulnerability
Dell Unity versions 5.4 and prior contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. This allows a low-privileged attacker with local access to inject arbitrary OS commands [1].
Exploitation
An attacker with low privileges and local access to the system can exploit this vulnerability by supplying input whose special elements are not properly neutralized before it is used in an OS command, leading to command execution [1].
Impact
Successful exploitation leads to arbitrary command execution and elevation of privileges, compromising the confidentiality, integrity, and availability of the system [1].
Mitigation
Dell has released a security update (DSA-2025-116) to address this vulnerability. Users should apply the update as soon as possible [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.