CVE-2025-22398

Published Mar 28, 2025

Last updated 6 days ago

CVSS critical 9.8
Dell Unity

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22398 is a command injection vulnerability affecting Dell Unity, UnityVSA, and Unity XT systems version 5.4 and earlier. An unauthenticated attacker with remote access could exploit this vulnerability to execute arbitrary operating system commands as root. Specifically, the vulnerability stems from improper neutralization of special elements used in OS commands, allowing attackers to inject malicious commands through network requests to the Unity API. Successful exploitation could lead to a complete system takeover, potentially enabling ransomware deployment, data exfiltration, and persistent backdoor installation.

Description
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution as root. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it can be leveraged to completely compromise the operating system. Dell recommends customers to upgrade at the earliest opportunity.
Source
security_alert@emc.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security_alert@emc.com
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2025-22398 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('..https://t.co/7MW2TrXBxX #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    2 Apr 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw, that could allow attackers to execute arbitrary commands as root, delete critical system files, and perform other malicious activities without authentication.  #CVE #Dell https://t.co/18UDmnFnzO

    @Ashutosh__048

    1 Apr 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Dell Unity has patched a critical command injection vulnerability (CVE-2025-22398) with a CVSS score of 9.8, allowing potential system takeover. Update to Version 5.5.0.0.5.259 or later. 🔒 #Dell #Unity #USA link: https://t.co/C30QP1rYvq https://t.co/9dQaXED7Xd

    @TweetThreatNews

    31 Mar 2025

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Critical Alert: CVE-2025-22398 in Dell Unity OS (CVSS 9.8) allows root-level command injection via SMB. Exploit code confirmed circulating. Patch immediately. Details: https://t.co/anlDaLKjgI #CyberSecurity #Vulnerability

    @adriananglin

    31 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-22398: Dell Unity Hit by 9.8 CVSS Root-Level Command Injection Flaw https://t.co/w6Kdkdj9uf

    @Dinosn

    31 Mar 2025

    8585 Impressions

    39 Retweets

    115 Likes

    25 Bookmarks

    1 Reply

    1 Quote

  6. Dellは、Unity OSに存在する重大な脆弱性を修正するセキュリティアップデートを公開した。対象製品はUnity、UnityVSA、Unity XT。認証なしのリモートコマンド実行、ファイル削除、オープンリダイレクト、権限昇格といった深刻なリスクが存在する。 中でもCVE-2025-22398(CVSS

    @yousukezan

    31 Mar 2025

    740 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  7. Among the most severe of these is CVE-2025-22398, a command injection flaw with a CVSS base score of 9.8, which enables unauthenticated attackers to execute arbitrary operating system commands as root—potentially allowing full system takeover. https://t.co/9P9jSoAtYk

    @the_yellow_fall

    31 Mar 2025

    552 Impressions

    5 Retweets

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  8. 🔴New vulnerability was just published🔴 CVE ➡️ CVE-2025-22398 Impacting ➡️ Dell unity CVSS ➡️ 9.8 #cve #securitricks #vulnerability #cybersecurity https://t.co/1YNBL0Eb9B

    @SecuriTricks

    28 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Critical alert: Dell Unity systems (v5.4 and earlier) have a severe vulnerability (CVE-2025-22398) allowing remote root access. Patch immediately using DSA-2025-116. No workarounds exist - treat this as urgent. Details: https://t.co/r6wutm3OS0

    @RedTeamNewsBlog

    28 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. [CVE-2025-22398: CRITICAL] Critical OS Command Injection vulnerability found in Dell Unity versions 5.4 and below. Upgrade advised to prevent remote attackers from exploiting and executing arbitrary commands.#cybersecurity,#vulnerability https://t.co/sULGIWERha https://t.co/RTiUT

    @CveFindCom

    28 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References