CVE-2025-24381

8.8 HIGH

📋 TL;DR

Dell Unity storage systems version 5.4 and earlier contain an open redirect vulnerability that allows unauthenticated attackers to redirect users to malicious websites. This could enable phishing attacks leading to credential theft or session hijacking. All Dell Unity systems running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Dell Unity
  • Dell UnityVSA
  • Dell Unity XT
Versions: 5.4 and prior
Operating Systems: Dell Unity OS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers redirect authenticated users to convincing phishing sites that steal credentials, session tokens, or sensitive data, potentially leading to full system compromise.

🟠

Likely Case

Phishing campaigns targeting users to steal credentials or session information, potentially enabling unauthorized access to the Dell Unity management interface.

🟢

If Mitigated

Limited impact with proper user awareness training and network segmentation preventing external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking a user into clicking a crafted link, but it does not require any authentication to the Dell Unity system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from DSA-2025-116

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Download the security update from Dell Support.
2. Apply the patch following the Dell Unity update procedures.
3. Verify that the update completed successfully.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to the Dell Unity management interface to trusted networks only.

Web Application Firewall

all

Deploy WAF rules to detect and block open redirect attempts.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy user awareness training about phishing risks and suspicious links

🔍 How to Verify

Check if Vulnerable:

Check the Dell Unity system version via the management interface. If the version is 5.4 or earlier, the system is vulnerable.

Check Version:

Check via Dell Unity Unisphere interface: System > Settings > About

Verify Fix Applied:

Verify that the system version has been updated beyond 5.4 and check the patch status in the system logs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in web server logs
  • Multiple failed authentication attempts following redirects

Network Indicators:

  • HTTP 302 redirects to external domains from Dell Unity interface
  • Suspicious referrer headers

SIEM Query:

source="dell_unity" AND (url="*redirect=*" OR status=302) AND dest_ip NOT IN [trusted_networks]
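As an added example (not from the advisory, Dell, or the page's SIEM query), a small Python checker over constructed access-log lines that applies the network indicator above: it extracts common redirect parameters from each request and flags any whose destination host lies outside an assumed allowlist, including protocol-relative forms. The parameter names, trusted hosts, and log format are assumptions, not Dell Unity specifics.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Hosts the management interface may legitimately redirect to (assumed values).
TRUSTED_HOSTS = {"unity-mgmt.corp.example"}
# Query parameters commonly used to carry a post-login destination (assumed names).
REDIRECT_PARAMS = ("redirect", "redirect_url", "returnUrl", "next")

# Apache/nginx "combined"-style access log line; format is an assumption.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def external_target(path):
    """Return the off-host destination named by a redirect parameter, else None."""
    query = parse_qs(urlsplit(path).query)  # parse_qs already percent-decodes
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            # Browsers treat a backslash like a slash, so normalise before parsing.
            parts = urlsplit(value.strip().replace("\\", "/"))
            if parts.scheme and parts.scheme not in ("http", "https"):
                return value  # non-web scheme: never a legitimate post-login page
            # hostname handles userinfo, ports and case; None for relative paths
            if parts.hostname and parts.hostname not in TRUSTED_HOSTS:
                return value
    return None


def scan(lines):
    """Return one finding per request whose redirect parameter leaves the trusted set."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = external_target(m["path"])
        if target is not None:
            findings.append({"src": m["src"], "status": int(m["status"]),
                             "path": m["path"], "target": target})
    return findings


# Constructed sample log: two benign redirects, two off-host ones, one plain request.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2025:10:00:00 +0000] "GET /login?redirect=%2Fdashboard HTTP/1.1" 302 0',
    '10.0.0.5 - - [01/Mar/2025:10:00:03 +0000] "GET /login?next=https%3A%2F%2Funity-mgmt.corp.example%2Fhome HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Mar/2025:10:01:00 +0000] "GET /login?redirect=https%3A%2F%2Fportal.example.net%2Funity HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Mar/2025:10:01:05 +0000] "GET /login?redirect=%2F%2Fportal.example.net%2F HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Mar/2025:10:02:00 +0000] "GET /login HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run it against an exported Unisphere web access log in the same format; the two findings from the sample both come from 203.0.113.9 and name portal.example.net as the destination.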
