Login Sign Up

CVE-2025-21110

6.7 MEDIUM
Denial of Service

📋 TL;DR

Dell Data Lakehouse versions before 1.5.0.0 have a privilege escalation vulnerability where high-privileged local attackers can execute code with unnecessary privileges. This could lead to denial of service attacks. Organizations running affected Dell Data Lakehouse versions are at risk.

💻 Affected Systems

Products:
  • Dell Data Lakehouse
Versions: All versions prior to 1.5.0.0
Operating Systems: Not specified - likely multiple OS platforms supported by Dell Data Lakehouse
Default Config Vulnerable: ⚠️ Yes
Notes: Requires high-privileged local access to exploit. Default installations are vulnerable.

📦 What is this software?

Data Lakehouse by Dell

View all CVEs affecting Data Lakehouse →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through privilege escalation leading to data destruction, service disruption, or lateral movement within the environment.

🟠

Likely Case

Local denial of service affecting the Data Lakehouse service availability, potentially disrupting data analytics operations.

🟢

If Mitigated

Minimal impact if proper access controls and network segmentation prevent local attacker access to vulnerable systems.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over the internet.
🏢 Internal Only: HIGH - High-privileged internal attackers with local access could exploit this to cause service disruption.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires high-privileged local access. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.0.0 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000356822/dsa-2025-313-security-update-for-dell-data-lakehouse-multiple-vulnerabilities

Restart Required: No

Instructions:

1. Download Dell Data Lakehouse version 1.5.0.0 or later from Dell support portal. 2. Follow Dell's upgrade documentation for your specific deployment. 3. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit local access to Dell Data Lakehouse systems to only authorized administrators

Implement Least Privilege

all

Review and reduce local user privileges to minimum required for operations

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized local access to Data Lakehouse systems
  • Monitor for unusual local privilege escalation attempts and system modifications

🔍 How to Verify

Check if Vulnerable:

Check Dell Data Lakehouse version via administrative interface or configuration files

Check Version:

Check Dell Data Lakehouse documentation for version query commands specific to your deployment

Verify Fix Applied:

Confirm version is 1.5.0.0 or higher after applying the update

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Unexpected service restarts or crashes
  • Unauthorized local user activity

Network Indicators:

  • Not applicable - local attack vector

SIEM Query:

source="dell-data-lakehouse" AND (event_type="privilege_escalation" OR event_type="service_crash")

📊 Metadata

CVE ID: CVE-2025-21110
CVSS v3 Score: 6.7 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CWE: CWE-250
EPSS Score: 0.02% exploit probability (4.1th percentile)
Published: August 14, 2025
Last Updated: August 18, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-21110, you might also want to check these:

CVE-2022-1517 10.0

CVE-2022-1517 is a critical vulnerability in LRM (likely a network management system) that allows un...

Same vulnerability type (CWE-250)
CVE-2025-32445 9.9

This CVE allows authenticated users with EventSource/Sensor CRUD permissions in Argo Events to escal...

Same vulnerability type (CWE-250)
CVE-2024-8767 9.9

This CVE allows attackers to access and manipulate sensitive data due to excessive privileges assign...

Same vulnerability type (CWE-250)