CVE-2025-24379

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*

History

08 Jul 2025, 16:32

Type Values Removed Values Added
Summary
  • (es) Dell Unity, versión 5.4 y anteriores, presenta una vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando del sistema operativo (inyección de comandos del sistema operativo). Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que provocaría la ejecución de comandos y la elevación de privilegios.
References () https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities - Vendor Advisory
CPE cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
First Time Dell unity Operating Environment
Dell

28 Mar 2025, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-28 03:15

Updated : 2025-07-08 16:32


NVD link : CVE-2025-24379

Mitre link : CVE-2025-24379

CVE.ORG link : CVE-2025-24379


JSON object : View

Products Affected

dell

  • unity_operating_environment
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')