Critical Vulnerabilities in Dell Products (CVE-2025-27690, CVE-2025-22398, CVE-2025-24383)

Published: Apr 11, 2025 08:53

Advisory No: TZCERT-SA-25-0087

Source: Dell

Software Affected: Dell PowerScale OneFS, Dell Unity

Overview

Dell products are affected by multiple critical vulnerabilities. Exploitation of these vulnerabilities may allow attackers to compromise the affected system.

Description

Dell PowerScale OneFS and Dell Unity are affected by CVE-2025-27690, CVE-2025-22398, and CVE-2025-24383, with CVSS scores of 9.8 and 9.1. Dell PowerScale OneFS contains a use of default password vulnerability, while Dell Unity contains an improper neutralization of special elements used in an OS command (OS command injection) vulnerability. Exploitation of these vulnerabilities may lead to account takeover and arbitrary code execution on the affected devices.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

Dell has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
