Unity - RCE (CVE-2025-36604)

CVE-2025-36604 is an OS command injection vulnerability in Dell Unity versions 5.5 and earlier, allowing unauthenticated remote attackers to execute arbitrary commands on the affected system. This flaw could be leveraged to compromise system integrity, access sensitive data, or disrupt storage operations, posing a significant risk to enterprise environments.

CrowdSec has been tracking this vulnerability and its exploits since 9th of October 2025.

CrowdSec network observations suggest that most exploitation of CVE-2025-36604 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. CrowdSec data also reveals a clear uptick in attacks involving CVE-2025-36604 over the past week. Activity is above the usual baseline, suggesting growing attention from attackers. This may reflect rising awareness, recent exploit releases, or expanded targeting efforts.

Attackers exploit this vulnerability by sending specially crafted requests to URLs containing /misc/ with injected backticks and command substitution (e.g., ``/misc/`curl${IFS}```), targeting Dell UnityVSA systems to achieve remote command execution.