CVE-2025-36564

EUVD-2025-16740 | HIGH
2025-06-03 [email protected]
7.8 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16740
CVE Published: Jun 03, 2025 - 15:15 (nvd), HIGH 7.8

Description

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Analysis

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate to higher privileges without any user interaction. The vulnerability has a CVSS score of 7.8 (High) with a local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature of the flaw and the availability of detailed CVE information present a meaningful post-patch exploitation risk.

Technical Context

This vulnerability stems from improper symbolic link or path resolution in Dell Encryption Admin Utilities, a Windows-based administrative tool for managing encryption policies across enterprise environments. CWE-61 (Improper Link Resolution Before File Access) occurs when an application follows symbolic links, hard links, or junction points to unintended file locations without validating the target. In admin utilities this typically manifests when the tool accesses configuration files, temporary directories, or system resources during elevated operations without validating the actual target of the path references it follows. The vulnerability affects Dell Encryption Admin Utilities (CPE: cpe:2.3:a:dell:encryption_admin_utilities:*:*:*:*:*:*:*:*) for all versions prior to 11.10.2. The local attack vector suggests exploitation through writable directories (temp folders, user profiles) where an attacker can plant symbolic links that are then dereferenced during privileged operations.

Affected Products

Dell Encryption Admin Utilities (All versions prior to 11.10.2)

Remediation

- action: Immediate Patch; details: Upgrade Dell Encryption Admin Utilities to version 11.10.2 or later. This is the authoritative fix provided by Dell.; priority: Critical
- action: Access Control; details: Restrict local administrative access to systems running Dell Encryption Admin Utilities. Implement least-privilege principles and disable unnecessary local user accounts with shell access.; priority: High
- action: Directory Permissions; details: Verify and restrict write permissions on temporary directories (%TEMP%, %TMP%), application installation directories, and configuration file paths used by Dell Encryption Admin Utilities. Remove symlink creation capabilities from non-admin users where possible.; priority: High
- action: Monitoring; details: Monitor file system events for suspicious symbolic link creation attempts in paths accessed by Dell Encryption Admin Utilities processes. Enable Windows Audit object access logging for admin utility directories.; priority: Medium
- action: Workaround (Temporary); details: If immediate patching is not feasible, restrict Dell Encryption Admin Utilities execution to a locked-down service account with minimal additional privileges. However, this is NOT a substitute for patching and should only be a temporary measure.; priority: Medium
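A check for the Directory Permissions item above, as an added example that is not part of the vuln.today analysis or Dell's code: it lists Allow ACEs that grant write or create rights to broad groups on the directories the remediation names, and reports whether the current session holds SeCreateSymbolicLinkPrivilege. The Dell install directory is a placeholder, since the advisory does not give it.

```powershell
# Added example (not vuln.today's or Dell's code). Reports broad-group write access on
# directories a privileged utility may dereference, plus symlink privilege in this token.
$Paths = @(
    $env:TEMP,
    $env:TMP,
    'C:\Program Files\PLACEHOLDER-DellEncryptionAdminUtilities'   # placeholder path, not from the advisory
) | Select-Object -Unique

# Groups a low-privileged local user is normally a member of.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Either bit lets the holder place a file, link or junction in the directory.
# Modify and FullControl contain these bits; generic rights (raw large numbers) are not mapped here.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteRights = $R::CreateFiles -bor $R::CreateDirectories

function Test-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return [pscustomobject]@{ Path = $Path; Principal = '-'; Rights = 'path not present' }
    }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$WriteRights) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
        }
    }
}

# True symbolic links need SeCreateSymbolicLinkPrivilege; a non-admin token that holds it
# (for example via Developer Mode) is itself a finding. Junctions and hard links need no privilege.
$symlinkPriv = whoami /priv /fo csv | ConvertFrom-Csv |
    Where-Object { $_.'Privilege Name' -eq 'SeCreateSymbolicLinkPrivilege' }
"Current user: $env:USERNAME  SeCreateSymbolicLinkPrivilege present: $([bool]$symlinkPriv)"

$Paths | ForEach-Object { Test-BroadWriteAccess -Path $_ } | Format-Table -AutoSize
```

A user's own %TEMP% is expected to be writable by that user; the finding is write access for broad groups on paths that an elevated process later follows. Because junctions and hard links need no special privilege, tightening the ACLs matters more than removing the symlink privilege.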

Priority Score

39 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

CVE-2025-36564 vulnerability details – vuln.today