Improper Access Control in Dell Data Lakehouse Software
CVE-2025-46608

9.1CRITICAL

Key Information:

Vendor: Dell
Status: Data Lakehouse
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-46608?

Dell Data Lakehouse versions prior to 1.6.0.0 are susceptible to an Improper Access Control vulnerability. A malicious actor with elevated privileges and remote access could exploit this flaw, potentially leading to unauthorized access and privilege escalation. This risk poses a significant threat to system integrity and customer data security. Users are urged to upgrade to the latest version promptly to mitigate potential risks. For further details, refer to the vendor's advisory linked here: Dell Security Advisory.

Affected Version(s)

Data Lakehouse < 1.6.0.0

References

https://www.dell.com/support/kbdoc/en-us/000390529/dsa-20...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 25, 2025

JSON