CVE-2025-36612

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36612
SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*
History

18 Aug 2025, 18:14

Type Values Removed Values Added
References () https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities - () https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities - Vendor Advisory
CPE cpe:2.3:a:dell:supportassist_for_business_pcs:*:*:*:*:*:*:*:*
Summary
  • (es) Las PC de SupportAssist para empresas, versión 4.5.3 y anteriores, presentan una vulnerabilidad de asignación incorrecta de privilegios. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que conllevaría una elevación de privilegios.
First Time Dell
Dell supportassist For Business Pcs

14 Aug 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-14 15:15

Updated : 2025-08-18 18:14

NVD link : CVE-2025-36612

Mitre link : CVE-2025-36612

CVE.ORG link : CVE-2025-36612

JSON object : View

Products Affected

dell

  • supportassist_for_business_pcs
CWE
CWE-266

Incorrect Privilege Assignment