Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges

Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity.

The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category.

The security flaw stems from an improper access control vulnerability in Dell Data Lakehouse. A highly privileged attacker with remote access could exploit this weakness to elevate their privileges beyond their authorized level.

Dell Data Lakehouse Vulnerability

The vulnerability is particularly concerning because it requires low attack complexity and no user interaction. Making exploitation relatively straightforward for attackers who have already gained high-level access to the system.

The vulnerability can be exploited over the network, with a broader scope, potentially affecting resources beyond the vulnerable component.

Successful exploitation could result in high impact on the security, integrity, and availability of the system.

Dell Technologies has classified this vulnerability as critical due to its potential to grant unauthorized access with elevated privileges, leading to complete compromise of system integrity and customer data.

Attackers exploiting this flaw could access sensitive information, modify critical data, or interrupt system operations.

Dell has released version 1.6.0.0 of Data Lakehouse to address this vulnerability. The company strongly recommends that all customers upgrade to the latest version immediately to mitigate the risk.

Users running affected versions should contact Dell Technical Support and reference advisory DSA-2025-375 for assistance with the upgrade process.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.