CVE-2025-36604

HIGH EXPLOITED NUCLEI

Dell Unity Operating Environment < 5.5.1.0 - Unauthenticated OS Command Injection

Title source: llm

Exploitation Summary

CVE-2025-36604 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including watchtowrlabs. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python script that exploits CVE-2025-36604, an unauthenticated remote command injection vulnerability in Dell UnityVSA. The script sends a crafted HTTP request to execute arbitrary commands on the target system.

Description

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Exploits (1)

nomisec WORKING POC 2 stars

by watchtowrlabs · remote

https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604

View Code ZIP pw:eip

This repository contains a Python script that exploits CVE-2025-36604, an unauthenticated remote command injection vulnerability in Dell UnityVSA. The script sends a crafted HTTP request to execute arbitrary commands on the target system.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Dell UnityVSA versions prior to 5.5.1

No auth needed

Prerequisites: Network access to the target system · Target system running vulnerable Dell UnityVSA version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Dell UnityVSA < 5.5 - Remote Command Injection

CRITICALVERIFIEDby DhiyaneshDK,watchtowr

Shodan: title:"Unisphere"

FOFA: title="Unisphere"

References (3)

Core 3

Core References

Various Sources

https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604

Various Sources

https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-auth-command-injection-cve-2025-36604/

Vendor Advisory vendor-advisory

https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 7.3

EPSS 0.1670

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2025-10-09

CWE

CWE-78

Status published

Products (1)

dell/unity_operating_environment < 5.5.1.0

Published Aug 04, 2025

Tracked Since Feb 18, 2026