Insecure Permissions Vulnerability in Dell SupportAssist OS Recovery
CVE-2025-46685

7.5HIGH

Key Information:

Vendor: Dell
Status: Supportassist Os Recovery
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-46685?

Dell SupportAssist OS Recovery versions earlier than 5.5.15.1 are susceptible to a vulnerability that allows an attacker with low-level access to exploit insecure permissions associated with temporary files. This could lead to unauthorized elevation of privileges, granting higher access rights than intended, thus compromising the security of the system.

Affected Version(s)

SupportAssist OS Recovery < 5.5.15.1

References

https://www.dell.com/support/kbdoc/en-us/000401506/dsa-20...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 27, 2025

Credit

Dell Technologies would like to thank falconCorrup for reporting these issues.

JSON