Insecure Permissions Vulnerability in Dell SupportAssist OS Recovery
CVE-2025-46684

6.6MEDIUM

Key Information:

Vendor: Dell
Status: Supportassist Os Recovery,
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-46684?

Dell SupportAssist OS Recovery versions prior to 5.5.15.1 are vulnerable to a security flaw that allows low-privileged users with local access to exploit temporary files that are created with insecure permissions. This could lead to unauthorized information modifications, affecting the integrity of the system. Users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

SupportAssist OS Recovery, < 5.5.15.1

References

https://www.dell.com/support/kbdoc/en-us/000401506/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 27, 2025

Credit

Dell Technologies would like to thank falconCorrup for reporting these issues.

JSON