Home

Description

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-30 | Updated 2026-02-26 | Assigner dell




HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-59: Improper Link Resolution Before File Access ('Link Following')

Product status

Default status
unaffected

NA (semver) before 11.11.0.1
affected

Default status
unaffected

NA (semver) before 11.11.0.2
affected

Credits

Dell would like to thank falconCorrup for reporting this issue. finder

References

www.dell.com/support/kbdoc/en-us/000347824/dsa-2025-292 vendor-advisory

cve.org (CVE-2025-36611)

nvd.nist.gov (CVE-2025-36611)

Download JSON