CVE-2025-43941 is an OS command injection vulnerability identified in Dell Unity storage systems version 5.5 and earlier. The root cause is improper neutralization of special elements in operating system commands, allowing an attacker to inject and execute arbitrary commands. This vulnerability is exploitable by a low-privileged attacker who has local access to the affected system, but only if the system does not have a valid license installed. Upon successful exploitation, the attacker can execute commands with root privileges, leading to full system compromise. The vulnerability is categorized under CWE-78, which relates to improper sanitization of inputs used in OS commands. The CVSS v3.1 base score is 7.2, indicating a high severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. No patches or known exploits have been publicly disclosed yet. The vulnerability is particularly critical because it allows privilege escalation from a low-privileged local user to root, which could be leveraged to disrupt storage services, exfiltrate sensitive data, or pivot within the network.

The impact of CVE-2025-43941 is significant for organizations using Dell Unity storage systems without valid licenses. Successful exploitation grants root-level command execution, enabling attackers to fully control the affected system. This can lead to data breaches, data corruption, service disruption, and potential lateral movement within the network. Storage systems are often central to enterprise data infrastructure; thus, compromise can affect business continuity and data integrity. The requirement for local access limits remote exploitation but does not eliminate risk, especially in environments where multiple users have local access or where attackers can gain initial footholds through other means. The absence of a valid license as a prerequisite may reduce the attack surface but also highlights risks in environments with expired or improperly managed licenses. The lack of known exploits in the wild suggests limited current exploitation but does not preclude future attacks, especially as details become more widely known.

1. Ensure all Dell Unity systems have valid licenses installed to prevent exposure to this vulnerability. 2. Restrict local access to Dell Unity systems to trusted administrators only, minimizing the risk of low-privileged attackers gaining access. 3. Monitor and audit local user activities on Dell Unity systems to detect suspicious command execution attempts. 4. Implement strict access controls and network segmentation to limit attacker movement if initial access is gained. 5. Regularly check for and apply vendor patches or updates addressing this vulnerability once available. 6. Employ host-based intrusion detection systems (HIDS) to identify anomalous command execution patterns. 7. Review and harden system configurations to reduce the attack surface, including disabling unnecessary services and accounts. 8. Maintain an up-to-date asset inventory and license management to ensure compliance and reduce exposure.