Weak Password Recovery Mechanism in Dell Client Platform BIOS
CVE-2025-36579
5.1 MEDIUM
Key Information:
- Vendor: Dell
- Status
- CVE Published: 16 April 2026
What is CVE-2025-36579?
Dell Client Platform BIOS contains a weak password recovery mechanism. An unauthenticated attacker with physical access to the system could potentially exploit it, resulting in unauthorized access to sensitive configurations.
Affected Version(s)
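- Alienware 16 Area-51 AA16250: versions from 0 up to, but not including, 1.9.0
- Alienware 16X Aurora AC16251: versions from 0 up to, but not including, 1.8.1
- Alienware 18 Area-51 AA18250: versions from 0 up to, but not including, 1.9.0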
CVSS V3.1
- Score: 5.1
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dell Technologies would like to thank Bill Demirkapi of the Microsoft Security Response Center for reporting this issue.