CVE-2025-36564 is a vulnerability identified in Dell Encryption Admin Utilities versions prior to 11.10.2, involving improper symbolic link resolution (CWE-61). This flaw arises when the software fails to securely handle symbolic links, allowing a local attacker to create or manipulate symlinks that the utility follows incorrectly. By exploiting this, an attacker with local access and limited privileges can escalate their privileges, gaining higher-level access to the system. The vulnerability affects the confidentiality, integrity, and availability of systems by potentially allowing unauthorized access to sensitive encrypted data or administrative functions. The CVSS 3.1 base score of 7.8 indicates a high-severity issue with low attack complexity (AC:L), requiring local privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), meaning the impact is confined to the vulnerable component or system. No public exploits are known yet, but the nature of the vulnerability suggests it could be leveraged in targeted attacks against organizations relying on Dell Encryption Admin Utilities for data protection. The vulnerability underscores the risks of improper link resolution in UNIX-like environments, where symlink attacks can lead to privilege escalation if software does not validate or sanitize link targets properly.

The primary impact of CVE-2025-36564 is local privilege escalation, enabling attackers with limited access to gain administrative or root-level privileges on affected systems. This can lead to unauthorized access to encrypted data managed by Dell Encryption Admin Utilities, undermining data confidentiality. Additionally, attackers could modify or disrupt encryption configurations, affecting data integrity and availability. Organizations relying on these utilities for endpoint encryption management face increased risk of data breaches, insider threats, and potential lateral movement within networks. The vulnerability could facilitate further attacks, including installation of persistent malware or disabling of security controls. Given the critical role of encryption in protecting sensitive information, exploitation could have severe consequences for compliance, data privacy, and operational continuity.

Until Dell releases an official patch, organizations should implement strict local access controls to limit the number of users with local system access, especially on machines running Dell Encryption Admin Utilities. Employ file system monitoring tools to detect unusual symlink creation or modification activities. Use mandatory access control (MAC) frameworks like SELinux or AppArmor to restrict the utility’s ability to follow or resolve symlinks outside expected directories. Conduct regular audits of user permissions and remove unnecessary local accounts. Isolate critical systems to reduce the risk of local attacker presence. Once available, promptly apply Dell’s security updates for Encryption Admin Utilities to remediate the vulnerability. Additionally, educate system administrators about the risks of symlink attacks and encourage secure coding practices for handling symbolic links in custom scripts or tools.