CVE-2025-43991

6.3 MEDIUM

Published: October 13, 2025 Modified: November 04, 2025

Description

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.dell.com/support/kbdoc/en-us/000378367/dsa-2025-362-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

1 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.3 / 10.0

EPSS (Exploit Probability)

0.0%

2th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-61

Affected Vendors

dell

Related CVEs

CVE-2026-4176 N/A

CVE-2026-4946 8.8

CVE-2026-0562 8.3

CVE-2026-0560 7.5

CVE-2026-0558 7.5