Information disclosure in SupportAssist OS Recovery - CVE-2025-38746
Published: August 7, 2025
Vulnerability identifier: #VU113734
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-38746
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
SupportAssist OS Recovery
SupportAssist OS Recovery
Detailed vulnerability description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. An attacker with physical access to the system can obtain sensitive data.
How to mitigate CVE-2025-38746
Install updates from vendor's website.