CVE-2025-36611

Published: Jul 30, 2025Modified: Jan 14, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Affected (2)

Products: Dell: Encryption, Security Management Server

2 products

Security Management Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Encryption	Before 11.11.0.1
Dell Security Management Server	Before 11.11.0.2

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (1)

https://www.dell.com/support/kbdoc/en-us/000347824/dsa-2025-292

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.