CVE-2025-24381
Published: 28 March 2025
Description
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Security Summary
CVE-2025-24381 is a URL Redirection to Untrusted Site ('Open Redirect') vulnerability, classified as CWE-601, affecting Dell Unity versions 5.4 and prior. Published on 2025-03-28, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): the vector indicates a network-reachable flaw with low attack complexity and no privileges required, which does depend on user interaction (the victim must follow the link) and is scored with high confidentiality, integrity and availability impact.
An unauthenticated remote attacker can exploit this vulnerability to redirect users of the application to arbitrary web URLs. Because the crafted link starts on the trusted Dell Unity host and only then bounces to an attacker-controlled site, it lends itself to phishing that tricks users into divulging sensitive information, and exploitation may also facilitate session theft.
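The following is an added illustration of the CWE-601 pattern described above and of the check that closes it; it is not Dell Unity code and does not reproduce the affected endpoint, which the advisory does not detail. The parameter name `next`, the trusted host `unity.example.internal` and the attacker host `evil.example` are assumptions for the example. The vulnerable handler copies the user-supplied value straight into the `Location` header; the hardened version accepts only a same-origin path and rejects the usual bypasses of naive "starts with a slash" filters (scheme-relative `//host`, the backslash form `/\host` that browsers normalise to `//host`, explicit schemes such as `javascript:`, and CR/LF that would split the response header). A second helper covers deployments that must redirect to a full URL, requiring HTTPS and an exact hostname match so that `trusted.host.evil.example` and the userinfo trick `trusted.host@evil.example` both fail.

```python
"""Open redirect (CWE-601): a reflecting redirect beside a validated one.

Added example, not Dell Unity code. The "next" parameter, the trusted host
"unity.example.internal" and the attacker host "evil.example" are assumed
for illustration only.
"""
from urllib.parse import urlsplit


def vulnerable_redirect(next_param: str) -> tuple[int, dict]:
    """The CWE-601 pattern: the user-controlled value becomes the Location
    header unchanged, so a link such as
    https://unity.example.internal/login?next=https://evil.example/
    lands the victim on the attacker's site after passing the trusted host."""
    return 302, {"Location": next_param}


def safe_local_target(target: str, fallback: str = "/") -> str:
    """Return target only if it is a same-origin, path-relative URL;
    otherwise return the fallback path."""
    if not target:
        return fallback
    # CR/LF or other control characters would let the value split the
    # response header (header injection), so refuse them outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return fallback
    # "//host" is scheme-relative; browsers also treat "/\host" and
    # "\host" as "//host", so a bare "starts with '/'" check is not enough.
    if target.startswith(("//", "/\\", "\\")):
        return fallback
    parts = urlsplit(target)
    # Any explicit scheme (https:, javascript:, data:) or authority means
    # the target is not a local path.
    if parts.scheme or parts.netloc:
        return fallback
    if not target.startswith("/"):
        return fallback
    return target


def is_allowed_absolute(target: str, allowed_hosts: set[str]) -> bool:
    """For redirects to full URLs: require https and an exact hostname match.

    urlsplit().hostname is lower-cased and has userinfo and port removed,
    so "https://unity.example.internal@evil.example/" yields "evil.example"
    and "https://unity.example.internal.evil.example/" does not match either.
    """
    parts = urlsplit(target)
    if parts.scheme != "https":
        return False
    host = parts.hostname
    return host is not None and host in allowed_hosts


def safe_redirect(next_param: str) -> tuple[int, dict]:
    """Hardened counterpart of vulnerable_redirect()."""
    return 302, {"Location": safe_local_target(next_param)}


if __name__ == "__main__":
    # Constructed inputs: one benign path and typical bypass attempts.
    for candidate in ("/dashboard?tab=1", "https://evil.example/",
                      "//evil.example/", "/\\evil.example",
                      "javascript:alert(1)", "/ok\r\nSet-Cookie: a=b"):
        print(repr(candidate), "->", safe_redirect(candidate)[1]["Location"])
```

The strict path-only rule is the right default for a post-login "return to" parameter; reach for `is_allowed_absolute` only when cross-host redirects are a genuine requirement, and keep the allowlist to exact hostnames rather than prefix or substring matches.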
Dell's DSA-2025-116 advisory provides a security update addressing multiple vulnerabilities in Dell Unity, Dell UnityVSA, and Dell Unity XT, including CVE-2025-24381. Security practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities for patching guidance and mitigation steps.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An open redirect lets an attacker craft spearphishing links that begin on the trusted application domain and then forward the user to a malicious site, supporting credential phishing and potential session theft.