CVE-2026-25906
Improper Link Resolution in Dell Optimizer Allows Privilege Escalation
Publication date: 2026-03-03
Last updated on: 2026-03-05
Assigner: Dell
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | optimizer | From 6.0.0.0 (inc) to 6.3.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with limited privileges and local access to escalate their privileges on the affected system.
This means the attacker could gain higher-level permissions, potentially leading to unauthorized access to sensitive data, system modifications, or disruption of services.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in Dell Optimizer versions prior to 6.3.1 and is classified as an Improper Link Resolution Before File Access, also known as a 'Link Following' vulnerability.
It allows a low privileged attacker who has local access to the system to potentially exploit the flaw, which could lead to an elevation of privileges.