Tuesday, May 6, 2025
HomeCVE/vulnerabilityMultiple Dell Unity Vulnerabilities Allow Attackers to Compromise Systems

Multiple Dell Unity Vulnerabilities Allow Attackers to Compromise Systems

Published on

SIEM as a Service

Follow Us on Google News

Dell Technologies has released a security advisory detailing multiple critical vulnerabilities in its Dell Unity storage systems and related software.

These vulnerabilities, if exploited, could allow attackers to gain unauthorized access, execute arbitrary commands, or even compromise the affected systems entirely.

Vulnerabilities Explained

The advisory, issued under reference DSA-2025-116, highlights serious weaknesses in Dell Unity, UnityVSA, and Unity XT platforms, including their operating environment (OE).

- Advertisement - Google News

These vulnerabilities affect versions before 5.5.0.0.5.259 and stem from several issues such as improper neutralization of special elements in system commands, open redirect flaws, and OS command injection vulnerabilities.

Key CVEs Identified

  • CVE-2025-22398: This critical vulnerability allows unauthenticated attackers to execute arbitrary OS commands remotely. Exploitation could lead to complete control over the system with root privileges.
  • CVE-2025-24383: Similar to CVE-2025-22398, this allows attackers to delete critical system files remotely.
  • CVE-2025-24381: An open redirect vulnerability could enable attackers to redirect users to malicious sites, potentially leading to phishing attacks or session hijacking.
  • CVE-2024-49563 to CVE-2025-24386: Several local privilege-escalation flaws were reported, enabling attackers with limited access to execute commands with root privileges.

Dell has acknowledged the contributions of security researchers, including teams from Ubisectech Sirius, who reported many of these vulnerabilities.

Impact on Users

The vulnerabilities have been classified as critical, with high CVSS scores ranging from 7.3 to 9.8. Exploitation risks include:

  • Complete system compromise.
  • Arbitrary file deletion, which could disrupt critical functions.
  • Potential for phishing attacks.
  • Local and remote elevation of privileges.

Given the severity, these flaws pose a significant risk to enterprises relying on Dell Unity systems for their storage solutions.

Mitigation and Updates

Dell has released version 5.5.0.0.5.259 of the Unity Operating Environment (OE) to address these vulnerabilities. Customers are strongly advised to upgrade immediately to mitigate risks.

  1. Confirm whether your Unity systems are running a version prior to 5.5.0.0.5.259.
  2. Download and apply the updated software via Dell Support (link).
  3. Follow Dell’s best practices to secure your systems and minimize potential exploits.

Organizations using Dell Unity solutions should prioritize this patch to secure their infrastructures and prevent potential attacks.

Dell credited independent researchers, including Prowser and the Ubisectech Sirius Team, for their contributions in identifying these vulnerabilities.

The company recommends that customers assess the applicability of these findings to their environments and take swift action.

Dell has reiterated its commitment to strengthening security in its products through collaboration with the cybersecurity community.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake’s CORTEX

As artificial intelligence continues to reshape the technological landscape, tools like Snowflake’s CORTEX Search...

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...