DSA-2025-315: Security Update for Dell SupportAssist OS Recovery for Multiple Vulnerabilities
Summary: Dell SupportAssist OS Recovery remediation is available for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2025-38747 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges. | 7.8 | |
| CVE-2025-38746 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | 3.5 | |
Affected Products & Remediation
| Product | Affected Versions | Remediated Versions | Release date (MM/DD/YYYY) | Link |
|---|---|---|---|---|
| Dell SupportAssist OS Recovery | Versions prior to 5.5.14.0 | Version 5.5.14.0 or later | 08/05/2025 | |
The Dell SupportAssist OS Recovery application assists with disk cloning, reset, and repair functions.
To verify that your device is running the remediated version of Dell SupportAssist OS Recovery, follow these steps:
- During boot, press F12 to enter the boot settings.
- Select the SupportAssist OS Recovery option in the boot menu.
- When the application loads, verify the version information on the splash screen or from the About menu.
- If the version is 5.5.14.0 or later, your device is running the remediated version.
OR
- Go to Control Panel -> Programs and Features.
- Check the version information for Dell SupportAssist Remediation.
- If the version is 5.5.14.0 or later, your device is running the remediated version.
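The Programs and Features check can be scripted when many devices need to be audited. The PowerShell below is an added example, not Dell's code; it assumes the installed entry's DisplayName contains "Dell SupportAssist Remediation" (the name used in the steps above) and reads the standard Windows Uninstall registry keys that back Programs and Features.

```powershell
# Added example: compare the installed version with the remediated version in DSA-2025-315.
$RemediatedVersion = [version]'5.5.14.0'            # remediated version stated in the advisory
# Assumption: the Programs and Features entry's DisplayName contains this string.
$NamePattern = '*Dell SupportAssist Remediation*'

# Programs and Features is populated from these keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-RemediationStatus {
    param([string]$DisplayName, [string]$DisplayVersion)

    $parsed = $null
    # DisplayVersion can be missing or malformed; report that instead of throwing.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        $status = 'Unknown (unparseable version)'
    } else {
        # [version] treats absent components as -1, so "5.5.14" would sort below
        # "5.5.14.0". Normalise absent components to 0 before comparing.
        $normalised = [version]::new($parsed.Major, $parsed.Minor,
            [Math]::Max($parsed.Build, 0), [Math]::Max($parsed.Revision, 0))
        if ($normalised -ge $RemediatedVersion) { $status = 'Remediated' }
        else { $status = 'Affected' }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DisplayName  = $DisplayName
        Version      = $DisplayVersion
        Status       = $status
    }
}

$entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $entries) {
    Write-Output "No entry matching '$NamePattern' found on $env:COMPUTERNAME."
} else {
    $entries | ForEach-Object { Get-RemediationStatus $_.DisplayName $_.DisplayVersion }
}
```

A device with no matching entry is reported separately from an affected one, so it can be checked by hand through the F12 boot menu steps.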
If the version is lower than 5.5.14.0, follow these steps to install version 5.5.14.0 or later:
- Launch the Dell SupportAssist OS Recovery application from the Windows Start menu.
- Click Update Software on the Home page.
- Select the “Check for Updates” checkbox.
- Click the Start button to install the update.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2025-08-06 | Initial Release |
Acknowledgements
CVE-2025-38747: Dell Technologies would like to thank falconCorrup for reporting this issue.
CVE-2025-38746: Dell Technologies would like to thank bugzzzhunter for reporting this issue.