CVE-2025-36607 is a high-severity OS Command Injection vulnerability identified in Dell Unity storage systems, specifically affecting versions 5.5 and prior. The vulnerability exists within the svc_nas utility, a component responsible for managing NAS (Network Attached Storage) services. An authenticated attacker with limited privileges can exploit this flaw to escape the restricted shell environment and execute arbitrary operating system commands with root-level privileges. This is due to improper neutralization of special elements in OS commands (CWE-78), allowing malicious input to be interpreted as part of the command line. The vulnerability requires authentication but no user interaction beyond that, and the attack vector is local (AV:L), meaning the attacker must have some level of access to the system. The CVSS v3.1 score of 7.8 reflects high impact on confidentiality, integrity, and availability, as the attacker can fully compromise the system, potentially leading to data theft, destruction, or further lateral movement within the network. No known exploits are reported in the wild yet, but the severity and ease of privilege escalation make this a critical concern for organizations using affected Dell Unity versions.

For European organizations, this vulnerability poses a significant risk, especially those relying on Dell Unity storage solutions for critical data storage and NAS services. Successful exploitation could lead to full system compromise, resulting in unauthorized access to sensitive data, disruption of storage services, and potential data loss or corruption. This could impact compliance with stringent European data protection regulations such as GDPR, leading to legal and financial repercussions. Additionally, the ability to execute commands as root could allow attackers to establish persistent backdoors, move laterally within the network, and target other critical infrastructure. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly at risk due to the sensitivity of their stored data and the importance of uninterrupted service availability.

To mitigate this vulnerability, European organizations should immediately verify if their Dell Unity systems are running version 5.5 or earlier and prioritize upgrading to the latest patched version once available from Dell. Until a patch is released, restrict access to the svc_nas utility by limiting authenticated user permissions and enforcing strict access controls, including network segmentation to isolate storage management interfaces from general user networks. Employ multi-factor authentication (MFA) to reduce the risk of credential compromise. Monitor logs and system behavior for unusual command executions or shell escapes indicative of exploitation attempts. Additionally, implement application whitelisting and endpoint detection and response (EDR) solutions to detect and block unauthorized command execution. Regularly audit and review user accounts with access to the storage system to ensure least privilege principles are enforced.