Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity.
The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of 9.1, indicating an exceptionally high risk to affected environments.
| CVE ID | Product | Affected Versions | Remediated Versions | CVSS Base Score |
|---|---|---|---|---|
| CVE-2025-46608 | Dell Data Lakehouse | Versions prior to 1.6.0.0 | Version 1.6.0.0 or later | 9.1 |
Vulnerability Details
The vulnerability stems from an Improper Access Control issue in Dell Data Lakehouse versions before 1.6.0.0.
According to Dell’s advisory, a highly privileged attacker with remote network access could exploit this flaw to gain elevated privileges on affected systems.
The attack requires no user interaction and operates over the network, making it a particularly dangerous threat vector.
Dell classifies this vulnerability as Critical because successful exploitation could lead to unauthorized access with elevated privileges, fundamentally compromising system integrity and potentially exposing customer data to theft or manipulation.
The CVSS vector string [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A: H] indicates that while the vulnerability requires high-level privileges to initiate the attack, once exploited, it could impact confidentiality, integrity, and availability across the entire system and its connected resources.
Organizations running Dell Data Lakehouse versions before 1.6.0.0 are immediately at risk. Dell has issued a security advisory, DSA-2025-375, outlining the scope of affected deployments and providing mitigation guidance.
The recommended remediation path is straightforward: upgrade to Dell Data Lakehouse version 1.6.0.0 or later as soon as possible.
Dell Technologies strongly encourages customers to prioritize this patching effort, given the critical nature of the vulnerability and the potential for widespread system compromise.
For organizations requiring technical assistance with the upgrade process or clarification on their specific deployment status.
Dell recommends contacting Technical Support directly and referencing advisory DSA-2025-375 to expedite the support interaction.
Given the severity rating and the requirement for high-level privileges to execute the attack, organizations should treat this vulnerability with urgency.
Security teams should immediately inventory their Dell Data Lakehouse deployments to identify all affected instances, assess business continuity impacts of applying patches, and develop a deployment schedule that balances urgency with stability considerations.
Additionally, organizations should monitor their systems for suspicious activity involving high-privileged accounts, as this could indicate exploitation attempts.
Consider implementing enhanced monitoring and access controls around administrative accounts until patching is complete.
Dell’s swift disclosure and clear remediation path provide security teams with the information needed to act decisively.
Organizations should treat the upgrade to version 1.6.0.0 as a critical priority to eliminate this significant security risk from their infrastructure.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.