UNIX Symbolic Link (Symlink) Following

CVE-2025-36564

High

7.8/10

Summary

Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-61 - UNIX Symbolic Link (Symlink) Following

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

Advisory Timeline

Published Jun 03, 2025

UNIX Symbolic Link (Symlink) Following

CVE-2025-36564

Summary

CWE-61 - UNIX Symbolic Link (Symlink) Following

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS