CVE-2025-36604 – This CVE describes an OS command injection vuln... (How to Fix)

Q: What is the severity of CVE-2025-36604?

CVE-2025-36604 has a CVSS score of 7.3 (HIGH). This CVE describes an OS command injection vulnerability in Dell Unity storage systems. Unauthenticated remote attackers can execute arbitrary commands on affected systems, potentially gaining full control. Systems running Dell Unity version 5.5 and earlier are vulnerable.

📋 TL;DR

This CVE describes an OS command injection vulnerability in Dell Unity storage systems. Unauthenticated remote attackers can execute arbitrary commands on affected systems, potentially gaining full control. Systems running Dell Unity version 5.5 and earlier are vulnerable.

💻 Affected Systems

Products:

Dell Unity
Dell UnityVSA
Dell Unity XT

Versions: 5.5 and prior

Operating Systems: Dell Unity OS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected versions are vulnerable. UnityVSA virtual appliances are also affected.

📦 What is this software?

Unity Operating Environment by Dell

View all CVEs affecting Unity Operating Environment →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary commands, exfiltrate data, deploy ransomware, or pivot to other network systems.

🟠

Likely Case

Initial foothold leading to data theft, credential harvesting, and lateral movement within the storage environment.

🟢

If Mitigated

Limited impact if systems are isolated, patched, or have network controls preventing unauthenticated access.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code and detailed analysis available from watchTowr Labs. Exploitation requires network access but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5.5 with security updates or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-si/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest security update from Dell Support. 2. Apply the patch following Dell's update procedures. 3. Reboot the system as required. 4. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to Dell Unity management interfaces to trusted IPs only

Firewall Rules

all

Block external access to Unity management ports (typically 443/TCP)

🧯 If You Can't Patch

Isolate affected systems from internet and untrusted networks
Implement strict network access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check system version via Unity management interface or CLI. If version is 5.5 or earlier, system is vulnerable.

Check Version:

Check via Unity web interface or use 'show version' in Unity CLI

Verify Fix Applied:

Verify system version is updated to patched version and test that command injection attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution patterns
Multiple failed authentication attempts followed by successful command execution
Suspicious process creation

Network Indicators:

Unusual outbound connections from Unity systems
Traffic to known malicious IPs
Anomalous patterns in management interface traffic

SIEM Query:

source="unity_logs" AND ("command injection" OR "os command" OR suspicious_command_pattern)

📊 Metadata

CVE ID: CVE-2025-36604

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-78

EPSS Score: 16.77% exploit probability (94.8th percentile)

Published: August 4, 2025

Last Updated: October 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-36604, you might also want to check these: