CVE-2025-36611 is an improper link resolution vulnerability (CWE-59) found in Dell Encryption and Dell Security Management Server versions prior to 11.11.0. This vulnerability arises when the software incorrectly handles symbolic links before accessing files, allowing a local attacker to exploit the link-following behavior to access or modify files with elevated privileges. Specifically, a malicious user with local access can create or manipulate symbolic links to trick the application into accessing unintended files or directories, leading to privilege escalation. The CVSS v3.1 base score is 7.3, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning successful exploitation can lead to full system compromise, unauthorized data access, and disruption of services. Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the sensitive nature of encryption software and the potential for attackers to bypass security controls. The vulnerability was reserved in April 2025 and published in July 2025, with no patches currently available, emphasizing the need for immediate mitigation strategies.

The vulnerability allows local attackers to escalate privileges by exploiting improper symbolic link resolution, potentially gaining unauthorized access to encrypted data and administrative functions. This can lead to full system compromise, data breaches, and disruption of encryption services critical for data protection. Organizations relying on Dell Encryption for securing sensitive information may face significant confidentiality and integrity risks. The high impact on availability could also disrupt business operations, especially in environments where encryption is integral to compliance and security policies. The requirement for local access limits remote exploitation but increases risk from insider threats or attackers who have gained initial footholds. The absence of known exploits in the wild currently reduces immediate widespread risk but does not diminish the urgency for remediation given the critical nature of the affected software.

1. Immediately restrict local access to systems running vulnerable versions of Dell Encryption and Dell Security Management Server to trusted personnel only. 2. Implement strict file system permissions and monitoring to detect unauthorized creation or modification of symbolic links. 3. Employ application whitelisting and endpoint detection and response (EDR) tools to monitor suspicious local activities indicative of privilege escalation attempts. 4. Regularly audit and review user privileges to minimize the number of users with local access and administrative rights. 5. Once Dell releases patches or updates addressing CVE-2025-36611, prioritize their deployment in all affected environments. 6. Consider deploying additional layers of security such as mandatory access controls (e.g., SELinux, AppArmor) to limit the impact of link-following vulnerabilities. 7. Educate users about the risks of local exploitation and enforce policies to prevent execution of untrusted code or scripts. 8. Maintain up-to-date backups and incident response plans to quickly recover from potential exploitation.