CVE-2025-43991
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-13
Last updated on: 2025-11-04
Assigner: Dell
Description
Description
SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | supportassist_for_business_pcs | to 4.5.3.25254 (exc) |
| dell | supportassist_for_home_pcs | to 4.8.2.29006 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a UNIX Symbolic Link (Symlink) following issue in SupportAssist for Home PCs (versions 4.8.2 and prior) and SupportAssist for Business PCs (versions 4.5.3 and prior). It allows a low privileged attacker with local access to the system to exploit the vulnerability to delete arbitrary files on the affected system.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a low privileged local attacker to delete arbitrary files on your system, which could lead to loss of important data or disruption of system operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70