CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000378367/dsa-2025-362-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:supportassist_for_business_pcs::::::::
	cpe:2.3:a:dell:supportassist_for_home_pcs::::::::

History

04 Nov 2025, 15:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:dell:supportassist_for_business_pcs:::::::: cpe:2.3:a:dell:supportassist_for_home_pcs::::::::
References	~~() https://www.dell.com/support/kbdoc/en-us/000378367/dsa-2025-362-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities -~~	() https://www.dell.com/support/kbdoc/en-us/000378367/dsa-2025-362-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities - Vendor Advisory
First Time		Dell supportassist For Business Pcs Dell Dell supportassist For Home Pcs

13 Oct 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-13 15:16

Updated : 2025-11-04 15:24

NVD link : CVE-2025-43991

Mitre link : CVE-2025-43991

CVE.ORG link : CVE-2025-43991

JSON object : View

Products Affected

dell

supportassist_for_business_pcs
supportassist_for_home_pcs

CWE

CWE-61

UNIX Symbolic Link (Symlink) Following

6.3 /10