Symlink Vulnerability in Dell SupportAssist for Home and Business PCs
CVE-2025-43991

6.3MEDIUM

Key Information:

Vendor: Dell
Status: Supportassist For Home Pcs; Supportassist For Business Pcs
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-43991?

The SupportAssist software, used for home and business PCs, is vulnerable to a UNIX Symbolic Link (Symlink) issue. This security flaw allows a low-privilege attacker with local access to potentially exploit the vulnerability and delete arbitrary files on the affected system, leading to a compromise of the data integrity.

Affected Version(s)

SupportAssist for Business PCs < 4.9.0

SupportAssist for Home PCs < 4.10.1

References

https://www.dell.com/support/kbdoc/en-us/000378367/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Apr 21, 2025

Credit

Dell would like to thank Carson Chan for reporting this issue.

JSON