Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-36604 — OS Command Injection in Dell Unity

CWE-78 — OS Command Injection6 documents6 sources

Severity

9.8CRITICALNVD

CNA7.3VulnCheck7.3

EPSS

13.1%

top 5.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dell Unity Dell Unity Operating Environment

Timeline

PublishedAug 4

Latest updateOct 3

Description

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/unityN/A — 5.5.1

▶NVDdell/unity_operating_environment< 5.5.1.0

🔴Vulnerability Details

GHSA

GHSA-g5wq-c47p-2h9f: Dell Unity, version(s) 5↗2025-08-04

▶

CVEList

CVE-2025-36604: Dell Unity, version(s) 5↗2025-08-04

▶

VulnCheck

dell unity_operating_environment Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')↗2025

▶

💥Exploits & PoCs

Nuclei

Dell UnityVSA < 5.5 - Remote Command Injection

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Dell UnityVSA AccessTool.pm getCASURL Function Pre-Auth Command Injection Attempt (CVE-2025-36604)↗2025-10-03

▶