CVE-2025-46637

7.3 HIGH

📋 TL;DR

Dell Encryption versions before 11.12.1 contain a link-following vulnerability that allows local attackers to escalate privileges. This affects systems running vulnerable Dell Encryption software where a malicious local user could exploit improper symlink resolution.

💻 Affected Systems

Products:
  • Dell Encryption
Versions: All versions prior to 11.12.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Dell Encryption to be installed and running. Local user access needed for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full system administrator privileges, potentially compromising the entire system and accessing sensitive encrypted data.

🟠 Likely Case

Local user with limited privileges escalates to higher privileges, allowing installation of malware, data theft, or persistence mechanisms.

🟢 If Mitigated

With proper access controls and monitoring, exploitation attempts are detected and blocked before privilege escalation occurs.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: HIGH - Any local user on affected systems could potentially exploit this vulnerability to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the vulnerability. No public exploit code identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.12.1 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000394657/dsa-2025-442

Restart Required: Yes

Instructions:

1. Download Dell Encryption version 11.12.1 or later from Dell Support.
2. Back up system and data.
3. Run the installer with administrative privileges.
4. Restart the system as prompted.

🔧 Temporary Workarounds

Restrict local user access (Windows)

Limit local user accounts and implement least privilege principles to reduce attack surface.

Monitor for suspicious activity (Windows)

Implement monitoring for privilege escalation attempts and unusual file access patterns.

🧯 If You Can't Patch

  • Implement strict access controls and limit local user privileges
  • Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Dell Encryption version in Control Panel > Programs and Features or via command: wmic product where "name like 'Dell Encryption%'" get version

Check Version:

wmic product where "name like 'Dell Encryption%'" get version

Verify Fix Applied:

Verify that the installed version is 11.12.1 or later using the same version check method.
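
As an added example (not from Dell or the original page), this PowerShell check reads the Uninstall registry keys rather than Win32_Product and compares the installed version against the fixed release 11.12.1. It assumes the registry DisplayName starts with "Dell Encryption", mirroring the wmic filter above; the function name Get-DellEncryptionStatus is hypothetical.

```powershell
# Added example: report whether this host runs a Dell Encryption build
# older than the fixed release for CVE-2025-46637.
# Assumption: DisplayName under the Uninstall keys starts with "Dell Encryption",
# matching the name filter used in the wmic command on this page.
$FixedVersion = [version]'11.12.1'

function Get-DellEncryptionStatus {
    param([version]$Fixed = $FixedVersion)

    # Check both the native and WOW6432Node hives so 32-bit installs are not missed.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Dell Encryption*' } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion can be absent or non-numeric; report that as Unknown
            # instead of silently treating the host as patched.
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)

            if (-not $ok) {
                $status = 'Unknown'
            } elseif ($parsed -lt $Fixed) {
                $status = 'Vulnerable'
            } else {
                $status = 'Patched'
            }

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

$result = @(Get-DellEncryptionStatus)
if ($result.Count -eq 0) {
    'Dell Encryption not found'
} else {
    $result | Format-Table -AutoSize
}
```

The function returns objects, so it can be run remotely with Invoke-Command and the output exported for a fleet-wide inventory.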

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Dell Encryption logs
  • Windows Security logs showing privilege escalation attempts

Network Indicators:

  • No network indicators - local vulnerability only

SIEM Query:

EventID=4688 AND ProcessName LIKE '%dellencryption%' AND (CommandLine CONTAINS 'symlink' OR CommandLine CONTAINS 'junction')
