High

OS Command Injection in Dell Unity svc_nas Utility

IdentifiersCVE-2025-36607CWE-78· Improper Neutralization of Special…

CVE-2025-36607 is an authenticated OS command injection vulnerability in the svc_nas utility of Dell Unity Operating Environment affecting version 5.5 and prior. The flaw is caused by improper neutralization of special elements used in OS commands. An authenticated attacker can provide crafted input to svc_nas that is passed to the underlying shell, allowing the attacker to escape the restricted shell environment and execute arbitrary operating system commands with root privileges on the affected Dell Unity system.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows arbitrary OS command execution as root on the underlying appliance. Because the vulnerability enables escape from a restricted shell, it can fully compromise the affected storage system’s integrity and availability, and may permit administrative takeover, configuration manipulation, service disruption, and access to sensitive data handled by the platform.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, restrict access to the affected system to only trusted administrators, minimize or disable access to the svc_nas utility where operationally feasible, tightly control local and management-plane access, and monitor for suspicious use of restricted-shell utilities and unexpected root-level command execution. Because exploitation requires valid credentials, prioritize credential hygiene, MFA where supported, and rapid revocation of unnecessary accounts until the upgrade can be completed.

Remediation

Patch, then assume compromise.

Upgrade Dell Unity Operating Environment to version 5.5.1 or later. Dell states that versions prior to 5.5.1 are affected and that 5.5.1 or later addresses this vulnerability. Apply the vendor-provided update across affected Dell Unity, Dell EMC Unity All Flash, Dell EMC Unity Hybrid, and relevant UnityVSA/Unity XT deployments running vulnerable Unity OE versions.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Dell TechnologiesUnity Operating Environmentapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

zeropath blogNews

Aug 4, 2025

Dell Unity CVE-2025-36607 OS Command Injection Vulnerability: Brief Summary and Patch Guidance - ZeroPath Blog | ZeroPath

An authenticated OS command injection vulnerability in the svc_nas utility of Dell Unity Operating Environment that allows restricted shell escape and arbitrary command execution as root.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-36607

NVD

nvd.nist.gov/vuln/detail/CVE-2025-36607

MITRE CWE · CWE-78

Improper Neutralization of Special Elements…

Vendor Advisory

dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities