CVE-2025-46636 – Dell Encryption versions before 11.12.1 contain... (How to Fix)

Q: What is the severity of CVE-2025-46636?

CVE-2025-46636 has a CVSS score of 6.6 (MEDIUM). Dell Encryption versions before 11.12.1 contain a link following vulnerability that allows local low-privileged attackers to manipulate symbolic links or junctions to tamper with files they shouldn't have access to. This affects organizations using Dell Encryption for data protection on Windows systems.

📋 TL;DR

Dell Encryption versions before 11.12.1 contain a link following vulnerability that allows local low-privileged attackers to manipulate symbolic links or junctions to tamper with files they shouldn't have access to. This affects organizations using Dell Encryption for data protection on Windows systems.

💻 Affected Systems

Products:

Dell Encryption

Versions: All versions prior to 11.12.1

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local access with low privileges. Dell Encryption must be installed and running.

📦 What is this software?

Encryption by Dell

View all CVEs affecting Encryption →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker could tamper with critical system files, encryption keys, or configuration files, potentially disabling encryption or gaining unauthorized access to protected data.

🟠

Likely Case

Local user could modify application files, configuration, or logs to disrupt encryption operations or gain persistence.

🟢

If Mitigated

With proper access controls and monitoring, impact limited to isolated file tampering within user's permitted directories.

🌐 Internet-Facing: LOW - Requires local access to exploit.

🏢 Internal Only: MEDIUM - Insider threat or compromised local account could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of symbolic link manipulation techniques. No public exploit code identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.12.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000394657/dsa-2025-442

Restart Required: Yes

Instructions:

1. Download Dell Encryption 11.12.1 or later from Dell Support. 2. Backup encryption keys. 3. Install update with administrative privileges. 4. Restart system. 5. Verify encryption functionality.

🔧 Temporary Workarounds

Restrict Local Access

windows

Limit local user access to systems with Dell Encryption installed

Monitor Symbolic Link Creation

windows

Enable auditing for symbolic link and junction creation events

auditpol /set /subcategory:"File System" /success:enable /failure:enable

🧯 If You Can't Patch

Implement strict access controls to limit local user privileges on affected systems.
Deploy endpoint detection and response (EDR) to monitor for suspicious file manipulation activities.

🔍 How to Verify

Check if Vulnerable:

Check Dell Encryption version in Control Panel > Programs and Features or via command: wmic product where "name like 'Dell Encryption%'" get version

Check Version:

wmic product where "name like 'Dell Encryption%'" get version

Verify Fix Applied:

Verify version is 11.12.1 or higher using same method as checking vulnerability

📡 Detection & Monitoring

Log Indicators:

Windows Security event logs showing symbolic link creation (Event ID 4656)
Application logs showing unexpected file access by Dell Encryption processes

Network Indicators:

No network indicators - local attack only

SIEM Query:

source="windows_security" AND event_id=4656 AND object_name="*\Dell\Encryption\*"

📊 Metadata

CVE ID: CVE-2025-46636

CVSS v3 Score: 6.6 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CWE: CWE-59

EPSS Score: 0.01% exploit probability (0.7th percentile)

Published: December 9, 2025

Last Updated: December 10, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000394657/dsa-2025-442 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-46636, you might also want to check these: