Unity - RCE (CVE-2025-36604)

CVE-2025-36604 is an OS command injection vulnerability in Dell Unity versions 5.5 and earlier, allowing unauthenticated remote attackers to execute arbitrary commands on the affected system. This flaw could be leveraged to compromise system integrity, access sensitive data, or disrupt storage operations, posing a significant risk to enterprise environments.

CrowdSec has been tracking this vulnerability and its exploits since 9th of October 2025.

Data from the CrowdSec community indicates that exploitation of CVE-2025-36604 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-36604 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-36604 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit this vulnerability by sending specially crafted requests to URLs containing /misc/ with injected backticks and command substitution (e.g., ``/misc/`curl${IFS}```), targeting Dell UnityVSA systems to achieve remote command execution.