- Description
- Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
- Source
- security_alert@emc.com
- NVD status
- Modified
- Products
- unity_operating_environment
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security_alert@emc.com
- CWE-78
- Hype score
- Not currently trending
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604) #DellUnityVSA #CommandInjection #CVE202536604 #PreAuth #watchTowr https://t.co/7VGMxz9Mj1
@reverseame
29 Jan 2026
992 Impressions
2 Retweets
10 Likes
5 Bookmarks
0 Replies
0 Quotes
''Its Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604)'' #infosec #pentest #redteam #blueteam https://t.co/52pslXb6LE
@CyberWarship
25 Oct 2025
1669 Impressions
1 Retweet
7 Likes
4 Bookmarks
1 Reply
0 Quotes
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604) https://t.co/6wuhb7178O #patchmanagement
@eyalestrin
7 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec 1⃣ Injeção de Comando Pré-Auth no Dell UnityVSA (CVE-2025-36604) https://t.co/iL2axStRil 2⃣ Bypass de Autenticação na API Rest via XSS no Safari e Chrome (iOS/iPhone) https://t.co/otBc2Cu46A 3⃣ Execução Arbitrária de Código no Android Unity Runt
@akaclandestine
4 Oct 2025
641 Impressions
1 Retweet
0 Likes
3 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec 1⃣ Dell UnityVSA Pre-Auth Command Injection (CVE-2025-36604) https://t.co/tiKcHOVA83 2⃣ Authentication Bypass in the Rest API via XSS on Safari and Chrome (iOS/iPhone) https://t.co/lbHUpHaskb 3⃣ Arbitrary Code Execution in Android Unity Runtime
@ksg93rd
4 Oct 2025
251 Impressions
2 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-36604 - critical 🚨 Dell UnityVSA < 5.5 - Remote Command Injection > Dell Unity, version(s) 5.5 and prior, contains an Improper Neutralization of Special ... 👾 https://t.co/oBqgjVkI95 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
4 Oct 2025
178 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy Friday! Enjoy our analysis of CVE-2025-36604, a pre-auth Command Inj in Dell's UnityVSA that we discovered and reported in March. https://t.co/kawjpEH94m
@watchtowrcyber
3 Oct 2025
8464 Impressions
36 Retweets
100 Likes
32 Bookmarks
0 Replies
1 Quote
CVE-2025-36604 (CVSS:7.3, HIGH) is Awaiting Analysis. Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('..https://t.co/xbrnyfVfph #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
9 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36604 Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unaut… https://t.co/027W7HUqwF
@CVEnew
4 Aug 2025
365 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C908C3A-7827-4AD2-9FCB-EAB754928E10",
"versionEndExcluding": "5.5.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]