Home

Description

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

PUBLISHED Reserved 2025-04-21 | Published 2025-10-13 | Updated 2025-10-14 | Assigner dell




MEDIUM: 6.3CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-61: UNIX Symbolic Link (Symlink) Following

Product status

Default status
unaffected

Any version before 4.10.1
affected

Default status
unaffected

Any version before 4.9.0
affected

Credits

Dell would like to thank Carson Chan for reporting this issue. finder

References

www.dell.com/...pportassist-for-business-pcs-vulnerabilities vendor-advisory

cve.org (CVE-2025-43991)

nvd.nist.gov (CVE-2025-43991)

Download JSON