Threat Advisory

Telerik and Dell Unity Vulnerabilities Expose Systems to Remote Attacks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2025-3600: A flaw in the widely used Telerik UI for ASP.NET AJAX library versions from 2011.2.712 through 2025.1.218 allows an attacker to trigger unsafe reflection by sending a crafted request, which can lead to an unhandled exception and crash the host application (denial of service). In certain environments the issue can even be chained to achieve remote code execution. It carries a CVSS base score of 7.5.

CVE-2025-36604: Dell Unity versions 5.5 and prior contain an OS command injection vulnerability (improper neutralization of special elements used in an OS command). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution. It carries a CVSS base score of 7.3.

RECOMMENDATION:

We strongly recommend you update Telerik UI for ASP.NET AJAX to version 2025.1.416 or later and Dell Unity Operating Environment to version 5.5.1 or later.
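
One way to triage an asset inventory against the version ranges stated above. This is an added example, not part of the original advisory; the host names, sample version strings and status labels are constructed, and comparing only the first three version components is an assumption.

```python
import re

# Version bounds as stated in the advisory.
TELERIK_FIRST_AFFECTED = (2011, 2, 712)
TELERIK_LAST_AFFECTED = (2025, 1, 218)
TELERIK_RECOMMENDED = (2025, 1, 416)
UNITY_RECOMMENDED = (5, 5, 1)  # "5.5 and prior" affected; update to 5.5.1 or later


def parse_version(text):
    # First three numeric components as a tuple, or None if not a dotted number.
    # Assumption: trailing components (file-version suffix, build number) are ignored.
    fields = text.strip().split(".")
    if not all(re.fullmatch(r"\d+", f) for f in fields):
        return None
    nums = [int(f) for f in fields[:3]]
    return tuple(nums + [0] * (3 - len(nums)))  # "5.5" -> (5, 5, 0)


def classify(product, version_text):
    v = parse_version(version_text)
    if v is None or product not in ("telerik", "unity"):
        return "unknown"
    if product == "unity":
        return "ok" if v >= UNITY_RECOMMENDED else "affected"
    if TELERIK_FIRST_AFFECTED <= v <= TELERIK_LAST_AFFECTED:
        return "affected"
    if v >= TELERIK_RECOMMENDED:
        return "ok"
    # Outside the stated affected range but below the recommended release.
    return "update-recommended"


# Constructed sample inventory: (host, product, reported version string).
INVENTORY = [
    ("web01", "telerik", "2024.1.131.45"),
    ("web03", "telerik", "2025.1.300"),
    ("nas01", "unity", "5.5.0.0.5.259"),
    ("web04", "telerik", "not installed"),
]


def triage(inventory):
    return {host: classify(product, ver) for host, product, ver in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as `unknown` need a manual check, since an unparseable version string says nothing about exposure.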

REFERENCES:

The following reports contain further technical details:
