The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category.
The security flaw stems from an improper access control vulnerability in Dell Data Lakehouse. A highly privileged attacker with remote access could exploit this weakness to elevate their privileges beyond their authorized level.
The vulnerability is particularly concerning because it requires low attack complexity and no user interaction. Making exploitation relatively straightforward for attackers who have already gained high-level access to the system.
The vulnerability can be exploited over the network, with a broader scope, potentially affecting resources beyond the vulnerable component.
| CVE ID | Affected product | CVSS Score | Affected Versions | Patched Version |
|---|---|---|---|---|
| CVE-2025-46608 | Dell Data Lakehouse | 9.1 (Critical) | Prior to 1.6.0.0 | 1.6.0.0 or later |
Successful exploitation could result in high impact on the security, integrity, and availability of the system.
Dell Technologies has classified this vulnerability as critical due to its potential to grant unauthorized access with elevated privileges, leading to complete compromise of system integrity and customer data.
Attackers exploiting this flaw could access sensitive information, modify critical data, or interrupt system operations.
Dell has released version 1.6.0.0 of Data Lakehouse to address this vulnerability. The company strongly recommends that all customers upgrade to the latest version immediately to mitigate the risk.
Users running affected versions should contact Dell Technical Support and reference advisory DSA-2025-375 for assistance with the upgrade process.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.
Warning: This review contains full spoilers for The Pitt Season 2, Episode 8!One of the…
A newly uncovered phishing campaign is delivering Agent Tesla, one of the most widely used…
The Trump Administration’s purchase of two vacant warehouses in two rural Pennsylvania townships illustrates where…
Netflix has announced that it has declined to raise its offer for Warner Bros. Discovery,…
The Federal Emergency Management Agency building in Washington, D.C., on Nov. 25, 2024. (Photo by…
Less than 24 hours before the deadline in an ultimatum issued by the Pentagon, Anthropic…
This website uses cookies.