CVE-2025-43991

Published: Oct 13, 2025Modified: Nov 4, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

Affected (2)

Products: Dell: Supportassist For Business Pcs, Supportassist For Home Pcs

2 products

Supportassist For Business Pcs

Supportassist For Home Pcs

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Supportassist For Business Pcs	Before 4.5.3.25254
Dell Supportassist For Home Pcs	Before 4.8.2.29006

Related CWEs

UNIX Symbolic Link (Symlink) Following

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

References (1)

https://www.dell.com/support/kbdoc/en-us/000378367/dsa-2025-362-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

Timeline

No history available yet.