Warning: Critical improper access control in Dell Data Lakehouse, Patch Immediately!

Published: 14/11/2025
  • Last update: 14/11/2025
  • Affected software: Dell Data Lakehouse, versions prior to 1.6.0.0
  • Type: CWE-284: Improper Access Control
  • CVE/CVSS
    → CVE-2025-46608: CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Sources

Dell Advisory - https://www.dell.com/support/kbdoc/en-us/000390529/dsa-2025-375-security-update-for-dell-data-lakehouse-multiple-vulnerabilities

Risks

Dell Data Lakehouse is a data management platform that combines scalability and flexible storage for raw data with structured, high-performance analytics. It is used for analysis, storage, and management of structured and unstructured data and it can be integrated with cloud tools.

On 12 November 2025, Dell published a security update describing the vulnerability CVE-2025-46608 and its remediation. A remote attacker can exploit this vulnerability to elevate privileges and take full control of the system.

As of 13 November 2025, there is no evidence of a public proof-of-concept or of exploitation in the wild.

Exploiting this vulnerability can have a high impact on the confidentiality, integrity, and availability of the affected systems.

Description

CVE-2025-46608 is a critical vulnerability that allows a network-based threat actor who already holds high privileges to elevate them further. Without any user interaction, the threat actor could gain unauthorized access to the system and compromise it, with potentially catastrophic consequences.

This vulnerability stems from incorrect restriction of access to the system's resources (CWE-284: Improper Access Control).

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. Please update Dell Data Lakehouse to version 1.6.0.0 or later.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-46608