PT-2025-31809 · Dell · Dell Unity

Sina Kheirkhah +1 · Published 2025-08-04 · Updated 2026-01-29 · CVE-2025-36604

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Dell Unity versions prior to 5.5.1
Dell UnityVSA versions prior to 5.5.1

Description

Dell Unity and UnityVSA contain an Improper Neutralization of Special Elements used in an OS Command vulnerability, also known as OS Command Injection. An unauthenticated, remote attacker could potentially exploit this issue to execute arbitrary commands on the system. The vulnerability stems from improper handling of login redirect URIs, allowing an attacker to insert shell metacharacters into a command execution string during the redirect process. This could lead to unauthorized configuration changes, data access, or complete control over the appliance.

Recommendations

Upgrade to version 5.5.1 or later to address this vulnerability.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-36604

Affected Products

Dell Unity