CVE-2025-36612

Published: Aug 14, 2025Modified: Aug 18, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Affected (1)

Products: Dell: Supportassist For Business Pcs

Dell

1 product

Supportassist For Business Pcs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Supportassist For Business Pcs	Before 4.9.0

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (1)

https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.