The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category.
The security flaw stems from an improper access control vulnerability in Dell Data Lakehouse. A highly privileged attacker with remote access could exploit this weakness to elevate their privileges beyond their authorized level.
The vulnerability is particularly concerning because it requires low attack complexity and no user interaction, making exploitation relatively straightforward for attackers who have already gained high-level access to the system.
The vulnerability can be exploited over the network and has a broader scope, potentially affecting resources beyond the vulnerable component.
| CVE ID | Affected Product | CVSS Score | Affected Versions | Patched Version |
|---|---|---|---|---|
| CVE-2025-46608 | Dell Data Lakehouse | 9.1 (Critical) | Prior to 1.6.0.0 | 1.6.0.0 or later |
Successful exploitation could result in high impact on the security, integrity, and availability of the system.
Dell Technologies has classified this vulnerability as critical due to its potential to grant unauthorized access with elevated privileges, leading to complete compromise of system integrity and customer data.
Attackers exploiting this flaw could access sensitive information, modify critical data, or interrupt system operations.
Dell has released version 1.6.0.0 of Data Lakehouse to address this vulnerability. The company strongly recommends that all customers upgrade to the latest version immediately to mitigate the risk.
Users running affected versions should contact Dell Technical Support and reference advisory DSA-2025-375 for assistance with the upgrade process.
The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.