DSA-2025-442: Security Update for Dell Encryption for Multiple Improper Link Resolution Before File Access Vulnerabilities

概要: Dell Encryption remediation is available for multiple Improper Link Resolution Before File Access vulnerabilities that could be exploited by malicious users to compromise the affected system. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

High

詳細情報

This issue occurs only during the installation of Dell Encryption versions earlier than 11.12.1. If you already have Dell Encryption version prior to 11.12.1 installed, you do not need to reinstall, as the vulnerability exists in the installer process only—not the installed application.

詳細

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-46637

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges.

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-46636

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

6.6

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2025-46637

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges.

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

CVE-2025-46636

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

6.6

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:HThis hyperlink is taking you to a website outside of Dell Technologies.

 

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product

Affected Versions

Remediated Versions

Release Date

Link

Dell Encryption

Versions prior to 11.12.1

Version 11.12.1 and later

11/25/2025

https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers

 

Product

Affected Versions

Remediated Versions

Release Date

Link

Dell Encryption

Versions prior to 11.12.1

Version 11.12.1 and later

11/25/2025

https://www.dell.com/support/home/en-in/product-support/product/dell-data-protection-encryption/drivers

 

変更履歴

Revision

Date

Description

1.0

2025-12-08

Initial Release

 

確認

Dell Technologies would like to thank falconCorrup for reporting these issues

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

Dell Encryption
文書のプロパティ
文書番号: 000394657
文書の種類: Dell Security Advisory
最終更新: 08 12月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。