Mallory
Critical · Public exploit

Unauthenticated OS Command Injection in Dell Unity

Identifiers: CVE-2025-36604, CWE-78 · Improper Neutralization of Special…

CVE-2025-36604 is an unauthenticated remote OS command injection vulnerability affecting Dell Unity family products, including Dell Unity, UnityVSA, and Unity XT, running Dell Unity Operating Environment (OE) version 5.5 and earlier. The flaw is caused by improper neutralization of special elements in input that is incorporated into operating system command construction. Supporting reporting indicates the issue is tied to login redirection handling in UnityVSA: when authentication state is absent and the request is routed into the login flow, a user-controlled redirect URI can be passed into logic such as getCASURL and, when the type parameter is set to "login," concatenated into a command executed via Perl backticks without sufficient sanitization. An attacker can supply crafted input containing shell metacharacters or command separators to trigger arbitrary command execution on the appliance.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a remote unauthenticated attacker to execute arbitrary operating system commands on the affected storage system. This can compromise the confidentiality, integrity, and availability of the appliance and the enterprise storage environment it supports. Depending on the privileges of the vulnerable service, exploitation may permit full takeover of the affected Unity management plane or appliance functions and facilitate follow-on lateral movement, manipulation of storage configuration, disruption of services, and access to sensitive operational data.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure of Unity management interfaces and related service endpoints to untrusted networks, restrict remote access to trusted administrative networks only, and monitor logs for suspicious login redirection requests, unexpected redirect URIs, and signs of shell execution associated with web access paths. Review access controls and network segmentation around Unity appliances until the upgrade can be completed. No complete mitigation equivalent to vendor patching is provided in the available content.
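
The log review described above, sketched as an added example that is not part of the original page or of any Dell or Mallory tooling: it scans web access log lines and flags query parameter values that contain shell metacharacters after repeated URL-decoding. The log format, the request path and the parameter name `redirectUri` are constructed for illustration; the page does not name the real endpoint or parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Shell separators / substitution syntax. A lone "&" is excluded because it
# appears legitimately inside encoded redirect query strings.
SHELL_META = re.compile(r"[;|`\n\r<>]|\$[({]|&&")
# Assumed combined-log style: client ... "METHOD target HTTP/x" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3}')

# Constructed sample lines; the path and parameter name are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /example-login?type=login'
    '&redirectUri=https%3A%2F%2Fstorage.example%2Fhome HTTP/1.1" 302',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /example-login?type=login'
    '&redirectUri=https%3A%2F%2Fstorage.example%2F%3Bid HTTP/1.1" 302',
    '203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /example-login?type=login'
    '&redirectUri=x%2524%2528id%2529 HTTP/1.1" 302',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, e.g. %253B -> %3B -> ;"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return (name, decoded value) for query values holding shell metacharacters."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return (client, parameter, decoded value) for every flagged request."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if match:
            client, target = match.group(1), match.group(2)
            findings += [(client, n, v) for n, v in suspicious_params(target)]
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("suspicious redirect parameter:", finding)
```

Because every query parameter is checked regardless of name, the scan does not depend on knowing which parameter carries the redirect URI; hits are triage leads to review alongside source address and timing, not proof of exploitation.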

Remediation

Patch, then assume compromise.

Upgrade affected systems to Dell Unity Operating Environment version 5.5.1 or later. Dell states that versions prior to 5.5.1 are affected and that 5.5.1 or newer addresses CVE-2025-36604. Apply the vendor-provided update across affected Dell Unity, UnityVSA, and Unity XT deployments, verify the installed OE version through the management interface, and confirm the update completed successfully in accordance with Dell guidance.
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 1 candidate as fakes, detection scripts, or README-only repos.

Valid: 0 / 1 total

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor | Product | Type
Dell Technologies | Unity Operating Environment | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
