
CVE-2025-36611: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Dell Encryption

Severity: High
Tags: Vulnerability, CVE-2025-36611, CWE-59
Published: Wed Jul 30 2025 (07/30/2025, 16:18:09 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: Encryption

Description

Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.

AI-Powered Analysis

Last updated: 08/07/2025, 01:16:28 UTC

Technical Analysis

CVE-2025-36611 is a high-severity vulnerability in Dell Encryption and Dell Security Management Server, affecting versions prior to 11.11.0. It is classified as CWE-59: Improper Link Resolution Before File Access, commonly referred to as 'Link Following'. A flaw of this class arises when software opens or modifies a file through a path it has not verified, so a symbolic link or shortcut placed by a local user can redirect the file operation to a location of that user's choosing. A local attacker with limited privileges could use this to escalate their privileges on the affected system. The CVSS v3.1 base score is 7.3 (High) with the vector AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H: the attack requires local access and low privileges, has low attack complexity, and requires user interaction. Confidentiality, integrity, and availability are all rated high, meaning a successful attacker could gain elevated privileges, access sensitive encrypted data, or disrupt encryption services. No exploits in the wild are currently reported, and no official patches or mitigations have been linked yet. The flaw is nonetheless significant because it sits in encryption management software, where it could undermine the data protection guarantees that enterprise deployments rely on.
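As an added illustration of the link-following class described above (this is not Dell's code and does not reconstruct the Dell Encryption defect, whose internals the advisory does not give), the following Python shows the hardened pattern a privileged file-handling component should use: inspect the target without following links, open with O_NOFOLLOW where the platform offers it, and confirm the opened descriptor is the same inode that was inspected. The file names in `demo()` are constructed for the demonstration.

```python
"""Hardened file access that refuses to follow links (CWE-59 defence).
Added example, not Dell's code: lstat the target, open with O_NOFOLLOW where
available, then confirm the descriptor is the inspected inode (no TOCTOU)."""
import os
import stat
import tempfile


class LinkFollowingError(OSError):
    """The path is a link, or changed identity between check and open."""


def open_no_follow(path: str, flags: int = os.O_RDONLY) -> int:
    """Open `path` only if its final component is not a symbolic link.
    Parent directories are assumed to be under trusted ownership."""
    before = os.lstat(path)                      # does not follow links
    if stat.S_ISLNK(before.st_mode):
        raise LinkFollowingError(f"refusing to follow link: {path}")
    flags |= getattr(os, "O_NOFOLLOW", 0)        # kernel-enforced on POSIX
    fd = os.open(path, flags)
    after = os.fstat(fd)                         # identity of what we opened
    if (after.st_dev, after.st_ino) != (before.st_dev, before.st_ino):
        os.close(fd)                             # swapped between check and open
        raise LinkFollowingError(f"file replaced during open: {path}")
    return fd


def demo() -> dict:
    """Constructed scenario: a regular file and a symlink pointing at it."""
    workdir = tempfile.mkdtemp()
    real = os.path.join(workdir, "config.dat")
    link = os.path.join(workdir, "planted.dat")  # name a local user controls
    with open(real, "w") as fh:
        fh.write("trusted contents")
    os.symlink(real, link)
    results = {}
    fd = open_no_follow(real)                    # regular file: allowed
    results["regular_file_opened"] = os.read(fd, 64) == b"trusted contents"
    os.close(fd)
    try:
        open_no_follow(link)                     # symlink: refused
        results["link_rejected"] = False
    except LinkFollowingError:
        results["link_rejected"] = True
    return results
```

The same lstat/open/fstat identity check applies to directory components when the parent path is not trusted; this block checks only the final component.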

Potential Impact

For European organizations, the impact of CVE-2025-36611 could be significant, especially for those relying on Dell Encryption and Security Management Server to protect sensitive data, including personal data protected under GDPR. Privilege escalation could allow attackers to bypass encryption controls, access confidential information, modify or delete encrypted data, or disrupt encryption services, leading to data breaches or operational downtime. Organizations in sectors such as finance, healthcare, government, and critical infrastructure, which often deploy encryption solutions, are at higher risk. The breach of encrypted data could result in regulatory penalties, reputational damage, and loss of customer trust. Additionally, since the vulnerability requires local access and user interaction, insider threats or compromised endpoints could be leveraged to exploit this flaw. The potential for high confidentiality, integrity, and availability impact makes this vulnerability a serious concern for European enterprises managing sensitive or regulated data.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize upgrading Dell Encryption and Dell Security Management Server to version 11.11.0 or later as soon as the patch becomes available. Until a patch is released, organizations should implement strict access controls to limit local user privileges and restrict who can log in to systems running these products. Employing endpoint protection solutions to detect and prevent suspicious local activity can reduce exploitation risk. Monitoring and auditing file system changes and symbolic link creation can help detect attempts to exploit link-following issues. Additionally, enforcing the principle of least privilege and using application whitelisting can minimize the attack surface. Organizations should also educate users about the risks of interacting with untrusted files or links, since exploitation requires user interaction. Finally, maintaining robust backup and recovery procedures will help mitigate the impact of any potential compromise.


Technical Details

Data Version: 5.1
Assigner Short Name: dell
Date Reserved: 2025-04-15T21:32:46.456Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 688a4930ad5a09ad00ac938e

Added to database: 7/30/2025, 4:32:48 PM

Last enriched: 8/7/2025, 1:16:28 AM

Last updated: 9/12/2025, 10:55:15 PM

