Dell’s encryption and key management solution CloudLink and Command Monitor, a tool for managing PC inventories in companies, are vulnerable. In the worst case, attackers can gain full control over systems.
Hostile takeover
In a post, the developers state that CloudLink is vulnerable to two security flaws classified as “critical” (CVE-2025-45378, CVE-2025-46364), among others. In both cases, an attacker can completely compromise PCs. However, they must have unspecified privileges to do so.
In the other cases, access to sensitive information is possible, among other things. Attackers can also cause DoS states. The remaining security vulnerabilities are classified with the threat level “high” (CVE-2025-30479, CVE-2025-45379) and “medium” (CVE-2025-46365, CVE-2025-46366, CVE-2025-46424). Further vulnerabilities affect the OpenSSH component (CVE-2025-26465 “medium,” CVE-2025-26466 “medium”). Attackers can use these for a DoS attack, for example.
The developers state that the vulnerabilities are fixed in CloudLink versions 8.1.1 and 8.2. All previous versions are said to be vulnerable. So far, there are no reports of attackers exploiting the vulnerabilities. Admins should still act promptly.
By successfully exploiting the vulnerability (CVE-2025-46990 “high”) in Command Monitor, attackers who already have low user privileges can escalate them. How such attacks could proceed in detail is not yet known.
In a security advisory, the developers name 10.12.3.28 as the fixed version.
Just recently, the data integration platform IBM InfoSphere Information Server was secured against possible attacks.
(des)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.