CVE-2025-43941 — OS Command Injection in Dell Unity

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.8HIGHNVD

CNA7.2

EPSS

0.1%

top 82.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Unity Dell Unity Operating Environment

Timeline

PublishedOct 30

Description

Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This vulnerability only affects systems without a valid license install.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/unityN/A — 5.5.2

▶NVDdell/unity_operating_environment< 5.5.2.0

🔴Vulnerability Details

CVEList

CVE-2025-43941: Dell Unity, version(s) 5↗2025-10-30

▶

GHSA

GHSA-fg7q-2h54-3cr2: Dell Unity, version(s) 5↗2025-10-30

▶