Symbolic Link Attack Vulnerability in Dell SupportAssist OS Recovery
CVE-2025-22480

7.8HIGH

Key Information:

Vendor: Dell
Status: Dell Supportassist Os Recovery
Vendor: CVE Published:; 13 February 2025

What is CVE-2025-22480?

Dell SupportAssist OS Recovery prior to version 5.5.13.1 is vulnerable to a symbolic link attack that may be exploited by low-privileged attackers with local access. Exploiting this vulnerability could allow attackers to execute arbitrary file deletions and possibly escalate privileges within the system, compromising overall security.

Affected Version(s)

Dell SupportAssist OS Recovery < 5.5.13.1

References

https://www.dell.com/support/kbdoc/en-us/000275712/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Dell Technologies would like to thank mdanilor for reporting this issue.