Full Report
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of 9.1, indicating an exceptionally high risk to affected environments. CVE ID Product Affected Versions Remediated […] The post Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Analysis Summary
# Vulnerability: Critical Dell Data Lakehouse Privilege Escalation
## CVE Details
- CVE ID: CVE-2025-46608
- CVSS Score: 9.1 (Critical)
- CWE: Improper Access Control (Implied by description)
## Affected Systems
- Products: Dell Data Lakehouse
- Versions: Versions prior to 1.6.0.0
- Configurations: Assumes standard deployment where the vulnerability can be reached remotely.
## Vulnerability Description
This is a critical Improper Access Control vulnerability affecting the Dell Data Lakehouse platform. A highly privileged attacker with remote network access can exploit this flaw to elevate their privileges on the affected system. The attack requires high-level privileges to initiate but, upon exploitation, can significantly compromise system integrity, confidentiality, and availability (CVSS vector suggests impact across C, I, and A). Exploitation requires no user interaction.
## Exploitation
- Status: Not explicitly stated if exploited in the wild, but PoC is not mentioned. Given the CVSS score and description, assume active threat potential.
- Complexity: Low (AV:N/AC:L) once the prerequisite of existing high-level access is met.
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: High (C:H)
- Integrity: High (I:H)
- Availability: High (A:H)
## Remediation
### Patches
- Apply Dell Data Lakehouse Version 1.6.0.0 or later.
### Workarounds
- No specific workarounds were detailed in the provided text, but enhanced monitoring and access controls around high-privileged accounts are recommended until patching is complete.
## Detection
- **Indicators of Compromise:** Monitor for suspicious activity involving high-privileged accounts on Data Lakehouse systems.
- **Detection Methods and Tools:** Inventory Dell Data Lakehouse deployments immediately to identify all instances running versions before 1.6.0.0.
## References
- Vendor Advisory: DSA-2025-375
- Dell Support Link: hxxps://www.dell.com/support/kbdoc/en-in/000390529/dsa-2025-375-security-update-for-dell-data-lakehouse-multiple-vulnerabilities