The Dell Unity, UnityVSA and Unity XT storage appliances are vulnerable. Attackers can exploit a number of vulnerabilities to compromise systems. Security patches are available.

In a security announcement, the developers state that they have closed the vulnerabilities in . All previous versions are vulnerable. First and foremost, gaps in components such as Apache HTTP Server, libcap and Vim have been closed.

These also include older vulnerabilities (CVE-2006-20001 ""). This is where attackers can launch DoS attacks. A Python vulnerability from 2007 (CVE-2007-4559 "") allows attackers to overwrite files. It remains unclear why the developers are only now closing these vulnerabilities.

However, the developers have also closed current gaps in OE. These include two "" root vulnerabilities (CVE-2025-22398, CVE-2025-24383) which attackers can use to execute malicious code.

Admins should ensure that the latest version of Dell's OE, which is protected against the attacks described, is installed.

(des)