CVE-2025-46685

7.5 HIGH

📋 TL;DR

Dell SupportAssist OS Recovery versions before 5.5.15.1 create temporary files with insecure permissions, allowing local low-privileged attackers to modify these files and potentially gain elevated privileges. This affects Dell systems running vulnerable versions of the SupportAssist OS Recovery software. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Dell SupportAssist OS Recovery
Versions: All versions prior to 5.5.15.1
Operating Systems: Windows, Linux (on Dell systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Dell systems with SupportAssist OS Recovery installed. The software is often pre-installed on Dell consumer and business systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full system administrator/root privileges, enabling complete system compromise, data theft, malware installation, and persistence.

🟠 Likely Case

Local user or malware with limited privileges escalates to higher privileges, potentially accessing sensitive data or installing additional malicious software.

🟢 If Mitigated

With proper access controls and monitoring, exploitation attempts are detected and blocked, limiting impact to isolated incidents.

🌐 Internet-Facing: LOW - This vulnerability requires local access and cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - Internal attackers, compromised accounts, or malware with local access can exploit this to gain elevated privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and low privileges. The weakness is classified as CWE-378 (creation of a temporary file with insecure permissions), a pattern that suggests relatively straightforward file manipulation attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.5.15.1

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000401506/dsa-2025-456

Restart Required: Yes

Instructions:

1. Open Dell SupportAssist.
2. Check for updates in the software.
3. Install version 5.5.15.1 or later.
4. Alternatively, download the update from Dell's support website.
5. Restart the system after installation.

🔧 Temporary Workarounds

Disable SupportAssist OS Recovery

Platform: Windows

Temporarily disable the vulnerable software until patching is possible

sc config "SupportAssistAgent" start= disabled
net stop SupportAssistAgent

Restrict local access

Platform: All

Implement strict local access controls to limit who can interact with the system

🧯 If You Can't Patch

  • Implement strict principle of least privilege for all user accounts
  • Deploy application whitelisting to prevent unauthorized process execution

🔍 How to Verify

Check if Vulnerable:

Check SupportAssist OS Recovery version in the software interface or via 'wmic product get name,version' on Windows

Check Version:

wmic product where "name like 'Dell SupportAssist%'" get name,version

Verify Fix Applied:

Confirm version is 5.5.15.1 or later in SupportAssist settings

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation/modification in temporary directories by SupportAssist processes
  • Unexpected privilege escalation events

Network Indicators:

  • Not applicable - local vulnerability only

SIEM Query:

EventID=4688 AND ProcessName LIKE '%SupportAssist%' AND NewProcessName IN ('cmd.exe', 'powershell.exe', 'whoami.exe')
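
The SIEM query above, written out as triage logic over parsed Security-log events. This is an added example, not part of the advisory or of Dell's tooling; it assumes the query's ProcessName refers to the creator process (the 4688 field ParentProcessName), and the sample events, hosts, users and paths are constructed.

```python
import ntpath

# Child image names copied from the page's SIEM query.
WATCHED_CHILDREN = {"cmd.exe", "powershell.exe", "whoami.exe"}


def is_suspicious(event):
    """Return True when a SupportAssist process created one of the watched children."""
    if str(event.get("EventID")) != "4688":
        return False
    # Assumption: the query's ProcessName is the creator, logged as ParentProcessName.
    parent = (event.get("ParentProcessName") or "").lower()
    # NewProcessName holds a full path, so compare its basename case-insensitively.
    child = ntpath.basename(event.get("NewProcessName") or "").lower()
    return "supportassist" in parent and child in WATCHED_CHILDREN


def triage(events):
    """Return (host, user, child path) for every matching event."""
    return [(e.get("Computer"), e.get("SubjectUserName"), e["NewProcessName"])
            for e in events if is_suspicious(e)]


# Constructed sample events (not real logs); hosts, users and paths are placeholders.
AGENT = r"C:\ExamplePath\SupportAssistAgent.exe"
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "host-a", "SubjectUserName": "alice",
     "ParentProcessName": AGENT, "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "Computer": "host-a", "SubjectUserName": "alice",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": "4688", "Computer": "host-b", "SubjectUserName": "bob",
     "ParentProcessName": AGENT.upper(),
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE"},
    {"EventID": 4688, "Computer": "host-b", "SubjectUserName": "bob",
     "ParentProcessName": AGENT, "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    # Event without the creator field: it cannot be attributed, so it is not matched.
    {"EventID": 4688, "Computer": "host-c", "SubjectUserName": "carol",
     "NewProcessName": r"C:\Windows\System32\whoami.exe"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```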
