CVE-2025-38738

SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:supportassist_for_home_pcs:*:*:*:*:*:*:*:*

History

18 Aug 2025, 18:07

Type	Values Removed	Values Added
CPE		cpe:2.3:a:dell:supportassist_for_home_pcs::::::::
First Time		Dell Dell supportassist For Home Pcs
References	~~() https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000356690/dsa-2025-296-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities - Vendor Advisory
Summary		(es) Las versiones 4.8.2.29006 y anteriores del instalador de SupportAssist para PC doméstico contienen una vulnerabilidad de asignación incorrecta de privilegios. Un atacante con pocos privilegios y acceso local podría explotar esta vulnerabilidad, lo que conllevaría una elevación de privilegios.

14 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 15:15

Updated : 2025-08-18 18:07

NVD link : CVE-2025-38738

Mitre link : CVE-2025-38738

CVE.ORG link : CVE-2025-38738

JSON object : View

Products Affected

dell

supportassist_for_home_pcs

CWE

CWE-266

Incorrect Privilege Assignment

6.7 /10