CVE-2025-36604 Scanner

Dell UnityVSA is a virtual storage appliance used in enterprise environments, providing storage management and services capabilities. It's commonly utilized for storage consolidation and efficient data management by small to medium-sized businesses and within large enterprises. The software offers a comprehensive set of features including data protection, storage provisioning, and system monitoring, making it a vital tool for IT administrators. Dell Unity operates within an organization's data center infrastructure, facilitating seamless integration with various network and cloud services. It is preferred for its scalability, high availability, and support for multiple storage protocols critical for business operations. The appliance aims to optimize storage resources, enhance operational efficiency, and reduce IT costs.

The detected vulnerability in Dell UnityVSA is a form of Remote Code Execution (RCE), which arises due to improper neutralization of special elements in OS commands. It allows malicious actors to execute arbitrary commands on the host operating system without authentication. Attackers can exploit this vulnerability remotely, making it particularly dangerous for exposed network setups. The RCE vulnerability is classified as critical, with the potential for severe impact on data confidentiality, integrity, and availability. This flaw highlights the importance of maintaining up-to-date software versions and implementing effective network security controls. Organizations relying on Dell UnityVSA must address this vulnerability promptly to prevent unauthorized access and mitigate associated risks.

The technical underpinnings of this vulnerability involve inadequate neutralization techniques in handling OS command input. The identified endpoint that is vulnerable accepts unsanitized input that can be manipulated to execute commands remotely. Specifically, this vulnerability can be triggered through crafted inputs that make use of special shell characters. Such inputs bypass internal controls meant to restrict command execution, resulting in arbitrary code execution. The issue was identified using a GET request directed at a specific path, exploiting the misconfiguration of command processing. Additionally, detected interactions with external domains highlight the potential vector for data exfiltration attempts. Proper input validation and command neutralization are crucial countermeasures to prevent exploitation.

Exploiting this vulnerability may lead to severe consequences, including unauthorized control over networked storage infrastructure and potential leakage of sensitive data. Attackers could execute malicious scripts to alter, delete, or steal information stored on the affected systems. Further risks include disruption of storage services, impacting business operations dependent on critical data access. Additionally, exploit attempts might facilitate lateral movement to other network segments, increasing the impact scope. Organizations may face reputational damage, financial losses, and regulatory fines if sensitive data is compromised. Thus, proactive measures are essential to ensure such security lapses do not undermine data integrity and business continuity.

REFERENCES

• https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-auth-command-injection-cve-2025-36604/
• https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604/blob/main/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604.py
• https://nvd.nist.gov/vuln/detail/CVE-2025-36604