CVE-2025-38746

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 2.5

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

D

ell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:supportassist_os_recovery:*:*:*:*:*:*:*:*

History

18 Aug 2025, 15:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-06 20:15

Updated : 2025-08-18 15:38

NVD link : CVE-2025-38746

Mitre link : CVE-2025-38746

CVE.ORG link : CVE-2025-38746

JSON object : View

Products Affected

supportassist_os_recovery

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-38746", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2025-08-06T20:15:27.940", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."}, {"lang": "es", "value": "Dell SupportAssist OS Recovery, versiones anteriores a la 5.5.14.0, contiene una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un agente no autorizado. Un atacante no autenticado con acceso f\u00edsico podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-08-18T15:38:10.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:supportassist_os_recovery:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23BD8270-8E44-4B09-9C58-34B1C76D1AB8", "versionEndExcluding": "5.5.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}