Description
Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Published: 2026-03-03
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

An improper link resolution before file access flaw allows a local user to manipulate symbolic or shortcut links, tricking Dell Optimizer into accessing files it should not read or execute. This flaw can result in privilege escalation, giving the attacker higher rights on the system. The weakness is characterized by CWE‑59.

Affected Systems

Any installation of Dell Optimizer older than version 6.3.1 is affected. This includes all variants of the product distributed under the Dell:Optimizer CPE. Users should verify their installed version and consider the update if they remain on an older build.

Risk and Exploitability

The CVSS score of 7.3 reflects a moderate to high severity, while the EPSS score of less than 1% indicates a low likelihood of active exploitation at the present time. The vulnerability is not listed in CISA's KEV catalog. Because the attack requires local, low‑privileged access, the exploitation vector is limited to users who can run Optimizer or influence its environment, and an attacker would need to create or manipulate a link to trigger the flaw.

Generated by OpenCVE AI on April 16, 2026 at 13:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dell Optimizer to version 6.3.1 or later to remove the link resolution flaw.
  • Restrict permissions on directories accessed by Dell Optimizer so that non‑administrative users cannot create or modify symbolic links or shortcuts that could be exploited during file access.
  • Enable system audit logging for file system changes and monitor for unusual link or shortcut creation that could indicate an attempted privilege escalation.

Generated by OpenCVE AI on April 16, 2026 at 13:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Title Improper Link Resolution in Dell Optimizer Enables Local Privilege Escalation

Thu, 05 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dell:optimizer:*:*:*:*:*:*:*:*

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell optimizer
Vendors & Products Dell
Dell optimizer

Tue, 03 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Description Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Optimizer
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-03-05T04:55:38.765Z

Reserved: 2026-02-08T18:05:27.450Z

Link: CVE-2026-25906

cve-icon Vulnrichment

Updated: 2026-03-03T21:16:47.776Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T21:15:58.520

Modified: 2026-03-05T21:24:41.673

Link: CVE-2026-25906

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:00:19Z

Weaknesses