Critical vulnerabilities reported in Dell Unity storage systems

Dell Technologies has released a security update addressing multiple critical vulnerabilities affecting Dell Unity, Dell UnityVSA, and Dell Unity XT storage systems. The security advisory lists multiple vulnerabilities that could potentially be exploited by malicious actors to compromise affected systems.

The vulnerabilities impact Dell Unity systems running versions prior to 5.5.0.0.5.259.  They can cause complete system compromise with root-level access, arbitrary file deletion that could render systems inoperable, potential for phishing attacks through malicious redirects, local privilege escalation allowing attackers to gain unauthorized administrative access and remote command execution without authentication.

Vulnerabilities summary

• CVE-2025-22398 (CVSS score 9.8): An OS Command Injection vulnerability allowing unauthenticated remote attackers to execute arbitrary commands as root, potentially leading to complete system compromise.
• CVE-2025-24383 (CVSS score 9.1): An OS Command Injection vulnerability enabling unauthenticated remote attackers to delete arbitrary files, including critical system files.
• CVE-2025-24381 (CVSS score 8.8): An Open Redirect vulnerability that could allow attackers to redirect users to malicious websites, facilitating phishing attacks and potential session theft.
• CVE-2024-49563 (CVSS score 7.8): An OS Command Injection vulnerability allowing low-privileged local attackers to execute arbitrary commands with root privileges.
• CVE-2024-49564 (CVSS score 7.8): An OS Command Injection vulnerability permitting low-privileged local attackers to execute commands with root privileges.
• CVE-2024-49565 (CVSS score 7.8): An OS Command Injection vulnerability that could lead to command execution and privilege escalation by local attackers.
• CVE-2024-49566 (CVSS score 7.8): An OS Command Injection vulnerability enabling command execution and privilege escalation by local attackers.
• CVE-2025-23383 (CVSS score 7.8): An OS Command Injection vulnerability that could be exploited by low-privileged local attackers for command execution and privilege escalation.
• CVE-2025-24377 through CVE-2025-24386 (CVSS scores 7.8): Multiple OS Command Injection vulnerabilities allowing low-privileged local attackers to execute commands with root privileges.
• CVE-2024-49601 (CVSS score 7.3): An OS Command Injection vulnerability enabling unauthenticated remote attackers to execute commands.

The vulnerabilities affecta ll releases prior to version 5.5.0.0.5.259 of:

• Dell Unity
• Dell UnityVSA
• Dell Unity XT

Dell has released version 5.5.0.0.5.259 of the Unity Operating Environment (OE) that addresses these vulnerabilities. Users are strongly advised to check the current version of their Dell Unity systems and update to version 5.5.0.0.5.259 or later