CVE-2025-43026

Published: Jun 5, 2025Modified: Jan 13, 2026

7.1

Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: hp-security-alert@hp.com (Secondary)

Description

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

Affected (1)

Products: Hp: Support Assistant

1 product

Support Assistant

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Support Assistant	Before 9.44.18.0

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (1)

https://support.hp.com/us-en/document/ish_12617979-12618008-16/hpsbgn04022

Source: hp-security-alert@hp.com

Vendor Advisory

Timeline

No history available yet.