CVE-2025-46608

CVSS 9.1 CRITICALEPSS 0.4%CWE-284

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

12 Nov 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Dell · Data Lakehouse

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.dell.com/support/kbdoc/en-us/000390529/dsa-2025-375-security-update-for-dell-data-lakehouse-multiple-vulnerabilities