DSA-2025-403: Security Update for Dell SupportAssist OS Recovery for an Insertion of Sensitive Information into Externally Accessible File or Directory Vulnerability

概要: Dell SupportAssist OS Recovery remediation is available for an Insertion of Sensitive Information into Externally Accessible File or Directory vulnerability that could be exploited by malicious users to compromise the affected system. ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。
他のリソースを確認する

影響

Medium

詳細

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2025- 46602

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

4.4

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE

Description

CVSS Base Score

CVSS Vector String

CVE-2025- 46602

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

4.4

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

デル・テクノロジーズでは、すべてのお客様に対して、CVSSベース スコアに加えて、特定のセキュリティの脆弱性に付随する潜在的な重要度に影響する可能性のある現状スコアや環境スコアも考慮することをお勧めしています。

影響を受ける製品と修復

Product

Affected Versions

Remediated Versions

Release date (MM/DD/YYYY)

Link

Dell SupportAssist OS Recovery

Versions prior to 5.5.15.0

Version 5.5.15.0 or later

10/24/2025

https://www.dell.com/support/kbdoc/en-us/000177401/restore-your-system-using-dell-supportassist-os-recovery

 

Product

Affected Versions

Remediated Versions

Release date (MM/DD/YYYY)

Link

Dell SupportAssist OS Recovery

Versions prior to 5.5.15.0

Version 5.5.15.0 or later

10/24/2025

https://www.dell.com/support/kbdoc/en-us/000177401/restore-your-system-using-dell-supportassist-os-recovery

 

Dell SupportAssist OS Recovery application assists in Disk Cloning, Reset, Repair functions.

To verify your device is running the remediated version of Dell SupportAssist OS Recovery, follow below steps:

  1. During boot, press F12 to enter boot settings.
  2. Select the SupportAssist OS Recovery option in boot menu.
  3. On load, in splash screen or from the About menu, verify the version information in the launched application.
  4. If version is 5.5.15.0 or later, then your device is running the remediated version.

OR

  1. Goto Control Panel -> Programs and Features.
  2. Check the version information for Dell SupportAssist Remediation.
  3. If version is 5.5.15.0 or later, then your device is running the remediated version.

 

If the version is lower than 5.5.15.0 version, please follow below steps to install the 5.5.15.0 version or later:

  1. Launch Dell SupportAssist OS Recovery application from Windows Start menu.
  2. Click on Update Software in Home page.
  3. Select the checkbox for “Check for Updates”.
  4. Click on Start button to install update.

変更履歴

Revision

Date

Description

1.0

2025-10-27

Initial Release

 

確認

CVE-2025-46602: Dell Technologies would like to thank Marius Gabriel Mihai for reporting this issue.

関連情報

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法的免責事項

対象製品

SupportAssist OS Recovery
文書のプロパティ
文書番号: 000382443
文書の種類: Dell Security Advisory
最終更新: 27 10月 2025
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。