CVE-2025-24383: OS Command Injection
First published: Fri Mar 28 2025(Updated: )
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends customers to upgrade at the earliest opportunity.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Unity | <5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-24383?
CVE-2025-24383 is considered a high severity vulnerability due to the potential for unauthenticated remote execution of OS commands.
How do I fix CVE-2025-24383?
To mitigate CVE-2025-24383, upgrade Dell Unity to version 5.5 or later, which addresses this vulnerability.
What type of vulnerability is CVE-2025-24383?
CVE-2025-24383 is classified as an OS Command Injection vulnerability that allows for improper neutralization of special elements.
Who is affected by CVE-2025-24383?
CVE-2025-24383 affects all versions of Dell Unity up to and including version 5.4.
Can CVE-2025-24383 lead to data loss?
Yes, CVE-2025-24383 could potentially allow an attacker to delete arbitrary files, resulting in data loss.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/source
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/dell
- canonical/dell emc unity