How severe is CVE-2025-24381?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2025-24381?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2025-24381 - HIGH Severity | CVSS 8.8

Vulnerability Description

Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. Exploitation may allow for session theft.

Related Vulnerabilities

CVE-2016-9078

HIGH

CVSS:8.8(High)

Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it load...

CWE-6012016

CVE-2017-1000117

HIGH

CVSS:8.8(High)

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such...

CWE-6012017

CVE-2017-1156

HIGH

CVSS:8.8(High)

IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attack...

CWE-6012017

CVE-2017-11879

HIGH

CVSS:8.8(High)

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

CWE-6012017

CVE-2019-10751

HIGH

CVSS:8.8(High)

All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory...

CWE-6012019

CVE-2022-41204

HIGH

CVSS:8.8(High)

An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from ...

CWE-6012022