CVE-2025-43019
📋 TL;DR
CVE-2025-43019 is a local privilege escalation vulnerability in HP Support Assistant that allows authenticated attackers to delete arbitrary files, potentially enabling elevation to SYSTEM privileges. This affects Windows systems with vulnerable versions of HP Support Assistant installed. The vulnerability requires local access to the system.
💻 Affected Systems
- HP Support Assistant
⚠️ Risk & Real-World Impact
Worst Case
An attacker with local access could delete critical system files, disable security software, or manipulate system configurations to gain full SYSTEM privileges and complete control of the affected system.
Likely Case
Malicious local users or malware with user-level access could escalate privileges to SYSTEM level, bypass security controls, and establish persistence on compromised systems.
If Mitigated
With proper access controls and least privilege principles, the impact is limited to users who already have administrative access, or it can be contained through application sandboxing.
🎯 Exploit Status
Requires local authenticated access. The arbitrary file deletion primitive can be leveraged for privilege escalation through various techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: HP Support Assistant 9.15.6.0 or later
Vendor Advisory: https://support.hp.com/us-en/document/ish_12715930-12715980-16/hpsbgn04031
Restart Required: Yes
Instructions:
1. Open HP Support Assistant.
2. Click 'Updates' tab.
3. Install available updates.
4. Alternatively, download and install version 9.15.6.0 or later from HP's website.
5. Restart the system after installation.
🔧 Temporary Workarounds
Uninstall HP Support Assistant
Windows: Remove the vulnerable software entirely if not required
Control Panel > Programs > Uninstall a program > Select HP Support Assistant > Uninstall
Restrict File Permissions
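Windows: Apply strict ACLs to critical system directories. A deny entry for F (full control) also removes read and execute access for members of Users, so test these commands on a non-production system first.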
icacls C:\Windows\System32 /deny "Users":(OI)(CI)F
icacls C:\ProgramData /deny "Users":(OI)(CI)F
🧯 If You Can't Patch
- Implement strict least privilege principles - ensure users operate with minimal necessary permissions
- Deploy application control solutions to restrict execution of HP Support Assistant and monitor for suspicious file deletion activities
🔍 How to Verify
Check if Vulnerable:
Check HP Support Assistant version: Open HP Support Assistant > Click 'About' or check version in Control Panel > Programs and Features
Check Version:
wmic product where "name like 'HP Support Assistant%'" get version
Verify Fix Applied:
Verify version is 9.15.6.0 or higher in HP Support Assistant About dialog or Programs and Features
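The version check above as a script, added here as an example (not HP's or this page's own code). It assumes HP Support Assistant registers an uninstall entry whose DisplayName matches the same pattern as the wmic filter, and it compares against the fixed version 9.15.6.0 numerically rather than as text.

```powershell
# Added example, not vendor code. The fixed version 9.15.6.0 is the one stated
# on this page; the DisplayName pattern mirrors the wmic filter above.
$FixedVersion = [version]'9.15.6.0'
$NamePattern  = 'HP Support Assistant*'

# Assumption: the product registers an uninstall entry. Check both the native
# and the 32-bit (WOW6432Node) registry views.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-FullVersion {
    # [version]'9.15.6' has Revision = -1 and sorts below '9.15.6.0';
    # pad missing fields with 0 so short version strings compare correctly.
    param([version]$v)
    [version]::new($v.Major, $v.Minor, [Math]::Max($v.Build, 0), [Math]::Max($v.Revision, 0))
}

function Get-HpsaPatchState {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern }
    foreach ($entry in $entries) {
        $parsed = $null
        # Compare as [version], never as strings: '9.2.0.0' -gt '9.15.6.0'
        # is true for strings although 9.2 is numerically lower than 9.15.
        if ([version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)) {
            $full  = ConvertTo-FullVersion $parsed
            $state = if ($full -ge $FixedVersion) { 'Patched' } else { 'Vulnerable' }
        } else {
            $state = 'Unknown'   # missing or non-numeric version: check by hand
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $entry.DisplayName
            Version  = $entry.DisplayVersion
            State    = $state
        }
    }
}

$found = @(Get-HpsaPatchState)
if ($found.Count -eq 0) {
    'No HP Support Assistant uninstall entry found.'
} else {
    $found | Format-Table -AutoSize
}
```

Reading the uninstall keys avoids the Windows Installer consistency check that a Win32_Product query (which `wmic product` uses) runs against every installed package.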
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs: Security logs showing file deletion events from HP Support Assistant process
- Application logs showing HP Support Assistant errors or unexpected behavior
Network Indicators:
- No network indicators - local vulnerability only
SIEM Query:
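EventID=4663 AND ProcessName="*HPSupportAssistant*" AND AccessMask="0x10000"
(AccessMask 0x10000 is the DELETE access right. Event 4663 is only logged when file system object access auditing is enabled and the target has an audit SACL.)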