CVE-2025-43026

7.8 HIGH

📋 TL;DR

A local privilege escalation vulnerability in HP Support Assistant allows attackers to write arbitrary files, potentially gaining elevated system privileges. This affects HP Support Assistant versions before 9.44.18.0 on Windows systems where the software is installed.

💻 Affected Systems

Products:
  • HP Support Assistant
Versions: All versions prior to 9.44.18.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where HP Support Assistant is installed and running. Many HP consumer and business systems include this software by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, malware persistence, and lateral movement.

🟠 Likely Case

Local user with limited privileges escalates to administrator to install software, modify system settings, or access protected data.

🟢 If Mitigated

Attack fails due to proper access controls, user account restrictions, or the software being uninstalled/disabled.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Internal users with local access to workstations can exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the system. The assigned weakness, CWE-281 (Improper Preservation of Permissions), indicates that file permissions are not handled correctly during the software's file operations, which is what allows a low-privileged user to influence where and what a privileged component writes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.44.18.0 or later

Vendor Advisory: https://support.hp.com/us-en/document/ish_12617979-12618008-16/hpsbgn04022

Restart Required: Yes

Instructions:

1. Open HP Support Assistant.
2. Check for updates in the application.
3. Install the update to version 9.44.18.0 or later.
4. Restart the system.

🔧 Temporary Workarounds

Uninstall HP Support Assistant (Windows)

Remove the vulnerable software entirely if it is not needed.

Control Panel > Programs > Uninstall a program > Select HP Support Assistant > Uninstall

Disable HP Support Assistant Service (Windows)

Stop the service to prevent exploitation while keeping the software installed. Run the commands from an elevated Command Prompt; in PowerShell use `sc.exe`, because `sc` there is an alias for `Set-Content`.

sc stop "HP Support Assistant Service"
sc config "HP Support Assistant Service" start= disabled

🧯 If You Can't Patch

  • Restrict local user privileges to prevent file write operations.
  • Implement application whitelisting to block unauthorized execution.

🔍 How to Verify

Check if Vulnerable:

Check HP Support Assistant version in the application or via Programs and Features in Control Panel.

Check Version:

wmic product where name="HP Support Assistant" get version

Note that `wmic product` queries the Win32_Product class, which is slow and triggers a consistency check (and possible repair) of every installed MSI package, and that WMIC is deprecated in current Windows releases. Reading the version from the Uninstall registry keys or from Programs and Features avoids both issues.

Verify Fix Applied:

Confirm version is 9.44.18.0 or later in HP Support Assistant or installed programs list.
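The following PowerShell script is an added example, not part of the advisory or of HP's tooling. It reads the installed version from the Uninstall registry keys (both 64-bit and 32-bit views) instead of Win32_Product, compares it against the fixed release 9.44.18.0, and reports the state of the service named in the workaround section (that service name is taken from the advisory as given and should be verified with Get-Service on the host).

```powershell
# Added example: check whether this host is affected by CVE-2025-43026
# (HP Support Assistant < 9.44.18.0). Not HP code; run as an administrator.
$FixedVersion  = [version]'9.44.18.0'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Registry lookup avoids the slow, side-effect-prone Win32_Product (wmic product) query.
$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'HP Support Assistant*' } |
    Select-Object DisplayName, DisplayVersion, Publisher

if (-not $Installed) {
    Write-Output 'HP Support Assistant not found in installed programs: not affected.'
    return
}

foreach ($App in $Installed) {
    try {
        $Current = [version]$App.DisplayVersion
    } catch {
        # Unparseable version strings are reported rather than silently treated as fixed.
        Write-Warning "Cannot parse version '$($App.DisplayVersion)' for $($App.DisplayName); inspect manually."
        continue
    }
    if ($Current -lt $FixedVersion) {
        Write-Output "VULNERABLE: $($App.DisplayName) $Current is older than $FixedVersion (CVE-2025-43026)."
    } else {
        Write-Output "OK: $($App.DisplayName) $Current is at or above $FixedVersion."
    }
}

# Service name as given in the advisory's workaround (assumed; confirm with Get-Service).
$Svc = Get-Service -DisplayName 'HP Support Assistant Service' -ErrorAction SilentlyContinue
if ($Svc) {
    Write-Output "Service '$($Svc.DisplayName)' is $($Svc.Status) (StartType: $($Svc.StartType))."
} else {
    Write-Output "No service with display name 'HP Support Assistant Service' found."
}
```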

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes by HP Support Assistant process
  • Privilege escalation attempts from non-admin users

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4688 AND ParentProcessName="*HPSupportAssistant*" AND (NewProcessName="*\cmd.exe" OR NewProcessName="*\powershell.exe")

The parentheses matter: without them the OR branch matches every PowerShell launch on the host regardless of parent. Field names follow Windows Security event 4688, where the spawning process is recorded as the Creator Process Name (ParentProcessName); map them to your SIEM's schema as needed.

🔗 References