CVE-2025-36604

HIGH EXPLOITED NUCLEI

Dell Unity Operating Environment < 5.5.1.0 - OS Command Injection

Title source: rule

Description

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

Exploits (1)

nomisec WORKING POC 2 stars

by watchtowrlabs · remote

https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604

View Code ZIP pw:eip

Nuclei Templates (1)

Dell UnityVSA < 5.5 - Remote Command Injection

CRITICALVERIFIEDby DhiyaneshDK,watchtowr

Shodan: title:"Unisphere"

FOFA: title="Unisphere"

References (3)

[Various Sources] https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604

[Various Sources] https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-auth-command-injection-cve-2025-36604/

[Vendor Advisory] https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Scores

CVSS v3 7.3

EPSS 0.1308

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

VulnCheck KEV 2025-10-09

CWE

CWE-78

Status published

Products (1)

dell/unity_operating_environment < 5.5.1.0

Published Aug 04, 2025

Tracked Since Feb 18, 2026