AI description
CVE-2025-36604 refers to an OS Command Injection vulnerability found in Dell Unity versions 5.5 and prior. An unauthenticated attacker with remote access could exploit this vulnerability, potentially leading to arbitrary command execution. Specifically, the vulnerability lies in the `svc_nfssupport` utility of Dell Unity. This vulnerability can be exploited by an unauthenticated attacker to escape the restricted shell and execute arbitrary operating system commands with root privileges.
- Description: Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
- Source: security_alert@emc.com
- NVD status: Modified
- Products: unity_operating_environment
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security_alert@emc.com: CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 19
#exploit #AppSec 1⃣ Pre-Auth Command Injection in Dell UnityVSA (CVE-2025-36604) https://t.co/iL2axStRil 2⃣ Authentication Bypass in the Rest API via XSS in Safari and Chrome (iOS/iPhone) https://t.co/otBc2Cu46A 3⃣ Arbitrary Code Execution in Android Unity Runt
@akaclandestine
4 Oct 2025
641 Impressions
1 Retweet
0 Likes
3 Bookmarks
0 Replies
0 Quotes
#exploit #AppSec 1⃣ Dell UnityVSA Pre-Auth Command Injection (CVE-2025-36604) https://t.co/tiKcHOVA83 2⃣ Authentication Bypass in the Rest API via XSS on Safari and Chrome (iOS/iPhone) https://t.co/lbHUpHaskb 3⃣ Arbitrary Code Execution in Android Unity Runtime
@ksg93rd
4 Oct 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-36604 - critical 🚨 Dell UnityVSA < 5.5 - Remote Command Injection > Dell Unity, version(s) 5.5 and prior, contains an Improper Neutralization of Special ... 👾 https://t.co/oBqgjVkI95 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
4 Oct 2025
169 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Happy Friday! Enjoy our analysis of CVE-2025-36604, a pre-auth Command Inj in Dell's UnityVSA that we discovered and reported in March. https://t.co/kawjpEH94m
@watchtowrcyber
3 Oct 2025
8464 Impressions
36 Retweets
100 Likes
32 Bookmarks
0 Replies
1 Quote
CVE-2025-36604 (CVSS:7.3, HIGH) is Awaiting Analysis. Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('..https://t.co/xbrnyfVfph #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
9 Aug 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-36604 Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unaut… https://t.co/027W7HUqwF
@CVEnew
4 Aug 2025
365 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C908C3A-7827-4AD2-9FCB-EAB754928E10",
            "versionEndExcluding": "5.5.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]