Cyber Resilience

CVE-2025-36604

High

Published: 04 August 2025

Modified: 03 October 2025
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.1544 (94.8th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-36604 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 5.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Dell Unity versions 5.5 and prior are affected by an OS command injection vulnerability tracked as CVE-2025-36604 and CWE-78. The flaw stems from improper neutralization of special elements in operating system commands and carries a CVSS 3.1 base score of 7.3.

An unauthenticated attacker with remote network access can exploit the issue to execute arbitrary commands on the affected system, with limited impact on confidentiality, integrity, and availability and without requiring user interaction.

Dell’s advisory DSA-2025-281 recommends applying the vendor-supplied security updates for Dell Unity, UnityVSA, and Unity XT to address multiple vulnerabilities including this one. Public technical analyses and proof-of-concept material have also been published by watchTowr Labs.

The EPSS score for the CVE rose from a low baseline to a peak of 0.2116, indicating emerging exploitation interest after disclosure.


Vulnerability details

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Why these techniques?

OS command injection in the network-accessible Dell Unity appliance enables remote, unauthenticated arbitrary command execution (T1190) and direct use of command interpreters (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49601 (same product: Dell Unity Operating Environment)
CVE-2025-24382 (same product: Dell Unity Operating Environment)
CVE-2025-24377 (same product: Dell Unity Operating Environment)
CVE-2025-22398 (same product: Dell Unity Operating Environment)
CVE-2025-24383 (same product: Dell Unity Operating Environment)
CVE-2025-23383 (same product: Dell Unity Operating Environment)
CVE-2026-22277 (same product: Dell Unity Operating Environment)
CVE-2025-24385 (same product: Dell Unity Operating Environment)
CVE-2025-24380 (same product: Dell Unity Operating Environment)
CVE-2025-24386 (same product: Dell Unity Operating Environment)

Affected Assets

Vendor: dell
Product: unity operating environment
Versions: ≤ 5.5.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the OS command injection vulnerability by requiring timely application of the vendor-provided security update from Dell's advisory DSA-2025-281.

prevent

Prevents exploitation of the improper neutralization of special elements in OS commands by enforcing validation of all relevant information inputs to neutralize injection attempts.

prevent

Limits the attack surface for unauthenticated remote exploitation by monitoring and controlling network communications at external boundaries to the vulnerable Dell Unity management interface.
