CVE-2025-36604
In short
Dell Unity storage systems versions 5.5 and earlier have a flaw that allows remote attackers to run arbitrary commands without authentication. An attacker could take complete control of the system.
Technical detail
An OS command injection vulnerability in Dell Unity ≤5.5 allows unauthenticated remote attackers to execute arbitrary OS commands through improper neutralization of special elements in user input. The vulnerability enables complete system compromise without requiring prior authentication or user interaction.
Summary generated and translated by AI from the official description.
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
Dell · Unity
References
https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604
https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-auth-command-injection-cve-2025-36604/
https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities