CVE-2025-38746

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:supportassist_os_recovery:*:*:*:*:*:*:*:*

History

18 Aug 2025, 15:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:dell:supportassist_os_recovery::::::::
First Time		Dell supportassist Os Recovery Dell
References	~~() https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315 -~~	() https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315 - Vendor Advisory
Summary		(es) Dell SupportAssist OS Recovery, versiones anteriores a la 5.5.14.0, contiene una vulnerabilidad de exposición de información confidencial a un agente no autorizado. Un atacante no autenticado con acceso físico podría explotar esta vulnerabilidad, lo que provocaría una divulgación de información.

06 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-06 20:15

Updated : 2025-08-18 15:38

NVD link : CVE-2025-38746

Mitre link : CVE-2025-38746

CVE.ORG link : CVE-2025-38746

JSON object : View

Products Affected

dell

supportassist_os_recovery

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-38746", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2025-08-06T20:15:27.940", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."}, {"lang": "es", "value": "Dell SupportAssist OS Recovery, versiones anteriores a la 5.5.14.0, contiene una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un agente no autorizado. Un atacante no autenticado con acceso f\u00edsico podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-08-18T15:38:10.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:supportassist_os_recovery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23BD8270-8E44-4B09-9C58-34B1C76D1AB8", "versionEndExcluding": "5.5.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}