Cybersecurity Threat Advisory: Critical vulnerability in Dell UnityVSA

Cybersecurity researchers at WatchTowr have disclosed a critical vulnerability in Dell UnityVSA (and related Unity platforms) tracked as CVE-2025-36604. The flaw allows an attacker with no authentication to issue arbitrary OS commands on vulnerable appliances by abusing the login redirection logic. Review the details of this Cybersecurity Threat Advisory to learn more.

What is the threat?

An attacker without credentials can exploit improper handling of login redirect URIs to execute arbitrary commands remotely. These commands run with the privileges of the affected service, potentially leading to configuration changes, data exfiltration or destruction, installation of malicious scripts, or full control of the appliance. Unity products are often externally exposed due to their deployment in virtualized environments (e.g., VMware ESXi), which commonly include accessible management interfaces.

Why is it noteworthy?

The vulnerability does not require authentication, significantly increasing the attack surface for organizations using Dell Unity storage solutions. These platforms frequently host critical data and services, so exploitation could severely impact data confidentiality, integrity, and availability. Dell’s advisory highlights that this issue is part of a broader set of vulnerabilities affecting Unity OE and related utilities, emphasizing the urgency of applying patches and monitoring for associated CVEs.

What is the exposure or risk?

Unity OE versions 5.5 and earlier are vulnerable to remote, unauthenticated command execution if left unpatched. Attackers could manipulate system configurations, access or destroy sensitive data, deploy persistent threats, or escalate control across the environment. Dell has identified related vulnerabilities that compound the risk, reinforcing the need for immediate remediation through updates.

What are the recommendations?

Barracuda recommends the following actions to limit risk from this threat:

  • Upgrade to Dell Unity OE 5.5.1 or later immediately across affected systems.
  • Implement compensating controls: restrict management interfaces to trusted networks, enable strong authentication for any exposed endpoints, and monitor for unusual redirect URIs or web-based command execution attempts.
  • Deploy a detection and validation process to confirm systems are patched and not exposed to unauthenticated redirects.
  • Use the WatchTowr Detection Artefact Generator to help validate exposure post-patch.
  • Review and harden logging: monitor for unexpected redirects, shell executions, or web access anomalies around management interfaces; align with Dell’s security guidance and asset management practices.
  • Validate with external scanning.
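
The log-monitoring and trusted-network recommendations above can be combined into a simple access-log triage. The following is an added example, not code from Barracuda, Dell, or WatchTowr; it assumes the management interface sits behind a proxy that writes Common Log Format lines, and the trusted subnet, paths, and sample lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the only subnet allowed to reach the management interface.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Common Log Format prefix: client address, then the quoted request line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# Shell metacharacters that should not appear in a login or redirect URI.
# ";" can be legitimate in some applications; tune to the traffic you see.
SHELL_META = re.compile(r"[`;|<>]|\$\(|\$\{|&&")


def fully_decode(target, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is still seen."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def triage(lines):
    """Return (line_number, client_ip, reasons) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        try:
            ip = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:
            ip = None
        if ip is None:
            findings.append((n, None, ["unparsable"]))
            continue
        reasons = []
        if not any(ip in net for net in TRUSTED_NETS):
            reasons.append("untrusted-source")
        if SHELL_META.search(fully_decode(m["target"])):
            reasons.append("shell-metachar-in-uri")
        if reasons:
            findings.append((n, m["ip"], reasons))
    return findings


# Constructed sample lines (not taken from a real appliance).
SAMPLE = [
    '10.20.0.15 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.20.0.15 - - [01/Jan/2025:10:00:09 +0000] "GET /placeholder/path%2560CMD%2560 HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET /placeholder/path?u=$(CMD) HTTP/1.1" 302 0',
]
```

Hits from a trusted address still deserve review, since the metacharacter check is independent of where the request came from.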

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.

This post originally appeared on Smarter MSP.
