Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw

Summary: Dell has issued a security update for Unity OS versions 5.4 and earlier, addressing critical vulnerabilities potentially allowing unauthorized remote command execution and system takeover. The vulnerabilities include a serious command injection flaw (CVE-2025-22398) with a CVSS score of 9.8, along with other severe issues that impact Unity products. Customers are urged to upgrade to Dell Unity Operating Environment (OE) Version 5.5.0.0.5.259 or later to mitigate these risks.

Affected: Dell Unity, Dell UnityVSA, Dell Unity XT

Key points:

  • CVE-2025-22398 (CVSS Score: 9.8) – Allows unauthenticated remote command execution as root, enabling potential system takeover.
  • CVE-2025-24383 (CVSS Score: 9.1) – Enables arbitrary file deletion by attackers without prior authentication.
  • CVE-2025-24381 (CVSS Score: 8.8) – Open redirect vulnerability could lead to phishing and session hijacking.
  • CVE-2024-49563 and others (CVSS Score: 7.8) – Local privilege escalation vulnerabilities allow low-privileged users to gain root access.
  • Remediation: Customers are strongly advised to upgrade to Dell Unity OE Version 5.5.0.0.5.259 or later to address these vulnerabilities.

Source: https://securityonline.info/cve-2025-22398-dell-unity-hit-by-9-8-cvss-root-level-command-injection-flaw/