CVE-2025-36564 is a high-severity vulnerability identified in Dell Encryption Admin Utilities versions prior to 11.10.2. The vulnerability is classified under CWE-61, which pertains to improper handling of symbolic links (symlinks) in UNIX-like systems. Specifically, this flaw involves improper link resolution, where the software fails to securely handle symbolic links during its operations. A local malicious user with limited privileges can exploit this vulnerability by creating or manipulating symbolic links to trick the utility into performing unauthorized actions on files or directories. This can lead to privilege escalation, allowing the attacker to gain higher-level permissions than originally granted. The CVSS v3.1 base score of 7.8 reflects the significant impact on confidentiality, integrity, and availability, with an attack vector requiring local access but low complexity and no user interaction. The vulnerability does not require user interaction but does require the attacker to have some level of local access (low privileges). The scope is unchanged, meaning the impact is confined to the vulnerable component and its privileges. Although no known exploits are currently reported in the wild, the nature of the vulnerability makes it a critical concern for environments where local user access is possible. The lack of a patch link suggests that remediation may require updating to version 11.10.2 or later once available or applying vendor-provided mitigations.

For European organizations, this vulnerability poses a significant risk, especially in environments where Dell Encryption Admin Utilities are deployed on UNIX or Linux servers or workstations. Since the vulnerability allows local privilege escalation, any user with local access—such as employees, contractors, or potentially compromised accounts—could exploit this flaw to gain administrative or root-level privileges. This could lead to unauthorized access to encrypted data, modification or deletion of sensitive information, and disruption of encryption services, thereby compromising data confidentiality and integrity. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and government, could face severe compliance and reputational consequences if exploited. Additionally, the vulnerability could be leveraged as a stepping stone for lateral movement within networks, increasing the risk of broader compromise. Given the high CVSS score and the critical nature of encryption utilities in protecting sensitive data, the impact on European organizations could be substantial if not addressed promptly.

European organizations should prioritize the following mitigation steps: 1) Immediately identify all systems running Dell Encryption Admin Utilities and verify their versions. 2) Upgrade all affected installations to version 11.10.2 or later once the patch is officially released by Dell. 3) Until patches are applied, restrict local user access to systems running the vulnerable utility, employing strict access controls and monitoring. 4) Implement file system integrity monitoring to detect unauthorized symbolic link creations or modifications. 5) Employ application whitelisting and privilege separation to limit the ability of low-privileged users to execute or manipulate encryption utilities. 6) Conduct regular audits of user permissions and local accounts to minimize the attack surface. 7) Monitor system logs for suspicious activities related to symbolic link usage or privilege escalation attempts. 8) Engage with Dell support for any interim workarounds or security advisories. These steps go beyond generic advice by focusing on access restriction, monitoring, and proactive patch management tailored to the nature of this vulnerability.