CVE-2025-24383 – Dell Unity storage systems running version 5.4 ... (How to Fix)

Q: What is the severity of CVE-2025-24383?

CVE-2025-24383 has a CVSS score of 9.1 (CRITICAL). Dell Unity storage systems running version 5.4 or earlier contain an OS command injection vulnerability that allows unauthenticated remote attackers to delete arbitrary files as root. This affects all Dell Unity, UnityVSA, and Unity XT systems with vulnerable software. The vulnerability is critical due to the potential for complete system compromise through deletion of critical files.

📋 TL;DR

Dell Unity storage systems running version 5.4 or earlier contain an OS command injection vulnerability that allows unauthenticated remote attackers to delete arbitrary files as root. This affects all Dell Unity, UnityVSA, and Unity XT systems with vulnerable software. The vulnerability is critical due to the potential for complete system compromise through deletion of critical files.

💻 Affected Systems

Products:

Dell Unity
Dell UnityVSA
Dell Unity XT

Versions: 5.4 and prior

Operating Systems: Dell Unity OS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Unity Operating Environment by Dell

View all CVEs affecting Unity Operating Environment →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via deletion of critical system files leading to data loss, service disruption, and potential ransomware deployment.

🟠

Likely Case

Service disruption through deletion of configuration or data files, potentially causing storage system failure.

🟢

If Mitigated

Limited impact if system is isolated behind firewalls with strict network controls and access restrictions.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation allows attackers on the internet to potentially compromise exposed systems.

🏢 Internal Only: HIGH - Even internally, unauthenticated access means any compromised internal system could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability requires no authentication and involves OS command injection, making exploitation relatively straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 5.4

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest firmware from Dell Support. 2. Backup system configuration and data. 3. Apply the firmware update following Dell's upgrade procedures. 4. Reboot the system as required by the update process.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to Dell Unity management interfaces to only trusted administrative networks.

Firewall Rules

all

Implement strict firewall rules to block all unnecessary inbound traffic to Dell Unity systems.

🧯 If You Can't Patch

Isolate the system on a dedicated VLAN with strict access controls
Implement network monitoring and intrusion detection for suspicious file deletion activities

🔍 How to Verify

Check if Vulnerable:

Check the system version via the Unity management interface or CLI. If version is 5.4 or earlier, the system is vulnerable.

Check Version:

Check via Unity Unisphere interface or use SSH to connect and check system version details

Verify Fix Applied:

After patching, verify the system version shows a version higher than 5.4 and test that the specific vulnerable component no longer accepts command injection.

📡 Detection & Monitoring

Log Indicators:

Unexpected file deletion events
Unusual command execution in system logs
Failed authentication attempts followed by file operations

Network Indicators:

Unusual network traffic to Dell Unity management ports from unexpected sources
Multiple failed connection attempts followed by successful connections

SIEM Query:

source="dell-unity-logs" AND (event_type="file_deletion" OR command="rm" OR command="del") AND user="root"

📊 Metadata

CVE ID: CVE-2025-24383

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-78

EPSS Score: 11.82% exploit probability (93.6th percentile)

Published: March 28, 2025

Last Updated: July 8, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24383, you might also want to check these: