CVE-2025-22398: OS Command Injection
First published: Fri Mar 28 2025(Updated: )
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Unity | <=5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-22398?
CVE-2025-22398 is classified as a high severity OS Command Injection vulnerability.
How do I fix CVE-2025-22398?
To fix CVE-2025-22398, upgrade to Dell Unity version 5.5 or later where the vulnerability has been patched.
What impact does CVE-2025-22398 have?
CVE-2025-22398 allows unauthenticated remote attackers to execute arbitrary commands with root privileges.
Is CVE-2025-22398 easy to exploit?
Yes, CVE-2025-22398 can be exploited with minimal technical skills due to its nature of allowing remote code execution.
Which versions of Dell Unity are affected by CVE-2025-22398?
CVE-2025-22398 affects Dell Unity versions 5.4 and prior.
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/dell
- canonical/dell emc unity