CVE-2025-46422 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2025-46422?

CVE-2025-46422 has a CVSS score of 7.8 (HIGH). This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitrary commands with root privileges, potentially gaining full control of the system. Affected systems are Dell Unity versions 5.5 and earlier.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. A low-privileged attacker with local access can execute arbitrary commands with root privileges, potentially gaining full control of the system. Affected systems are Dell Unity versions 5.5 and earlier.

💻 Affected Systems

Products:

Dell Unity
Dell UnityVSA
Dell Unity XT

Versions: 5.5 and prior

Operating Systems: Dell Unity OS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. Requires local access to the system.

📦 What is this software?

Unity Operating Environment by Dell

View all CVEs affecting Unity Operating Environment →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level access, allowing data theft, system destruction, or lateral movement to other systems.

🟠

Likely Case

Local privilege escalation leading to unauthorized administrative access and potential data exfiltration.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent local attacker access.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over internet.

🏢 Internal Only: HIGH - Any compromised low-privileged account on the system can lead to full root compromise.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access with low privileges. Command injection vulnerabilities typically have low complexity once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5.6 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000385307/dsa-2025-379-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2025-379. 2. Download and apply the security update for Dell Unity version 5.6 or later. 3. Reboot the system as required by the update process.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local system access to only authorized administrators to reduce attack surface.

Network Segmentation

all

Isolate Dell Unity systems on separate network segments with strict access controls.

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local access to Dell Unity systems.
Monitor system logs for suspicious command execution and privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check Dell Unity system version via web interface or CLI. If version is 5.5 or earlier, system is vulnerable.

Check Version:

Check via Dell Unity Unisphere web interface or use 'show system version' command in CLI.

Verify Fix Applied:

Verify system version is 5.6 or later after applying the security update.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns
Privilege escalation attempts
Suspicious process creation by low-privileged users

Network Indicators:

Unusual outbound connections from Dell Unity system
Unexpected SSH or remote access attempts

SIEM Query:

source="dell-unity-logs" AND (event_type="command_execution" AND user_privilege="low") OR (event_type="privilege_escalation")

📊 Metadata

CVE ID: CVE-2025-46422

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.05% exploit probability (15.1th percentile)

Published: October 30, 2025

Last Updated: November 7, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000385307/dsa-2025-379-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-46422, you might also want to check these: