CVE-2025-36607 HIGH

CVE-2025-36607

Vendor Dell

Product Unity

Weakness CWE-78

Published August 4, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

Key dates

02Disclosure timeline

August 4, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-36607

Related vulnerabilities

04Related CVE

CVE-2026-21654 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability CVE-2024-10919 didi Super-Jacoco triggerUnitCover os command injection CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename CVE-2025-8650 Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability