CVE-2025-36604
Published: 04 August 2025
Summary
CVE-2025-36604 is a high-severity OS Command Injection (CWE-78) vulnerability in Dell Unity Operating Environment. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the OS command injection vulnerability by requiring timely application of the vendor-provided security update from Dell's advisory DSA-2025-281.
Prevents exploitation of the improper neutralization of special elements in OS commands by enforcing validation of all relevant information inputs to neutralize injection attempts.
Limits the attack surface for unauthenticated remote exploitation by monitoring and controlling network communications at external boundaries to the vulnerable Dell Unity management interface.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in network-accessible Dell Unity appliance enables remote unauthenticated arbitrary command execution (T1190) and direct use of command interpreters (T1059).
NVD Description
Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
Deeper analysisAI
CVE-2025-36604 is an Improper Neutralization of Special Elements used in an OS Command, classified as an OS Command Injection vulnerability (CWE-78), affecting Dell Unity versions 5.5 and prior. Published on 2025-08-04, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.
An unauthenticated attacker with remote network access can exploit this vulnerability to achieve arbitrary command execution on the affected system. The impact includes low-level disruption to confidentiality, integrity, and availability, potentially allowing further compromise depending on the executed commands.
Dell's security advisory DSA-2025-281 provides a security update for Dell Unity, Dell UnityVSA, and Dell Unity XT addressing multiple vulnerabilities, including CVE-2025-36604. WatchTowr Labs has released a GitHub repository with a pre-authentication proof-of-concept exploit and a accompanying blog post detailing the vulnerability discovery and exploitation.
Details
- CWE(s)