Vulnerabilities ›

CVE-2025-46685

High

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially

CWE-378 — Weakness Type

                    Published: Jan 13, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

🤖 AI Executive Summary

Dell SupportAssist OS Recovery versions before 5.5.15.1 contain a temporary file permission vulnerability (CWE-378) allowing local privilege escalation. With a CVSS score of 7.5, this affects organizations using Dell systems for OS recovery operations. Immediate patching is critical as the vulnerability requires only local access and low privileges to exploit.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 03:55

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations most affected include: (1) Banking sector (SAMA-regulated banks) using Dell infrastructure for critical system recovery and business continuity; (2) Government entities (NCA, NCSC oversight) managing sensitive data on Dell systems; (3) Healthcare institutions (MOH, private hospitals) relying on Dell OS recovery for patient data systems; (4) Energy sector (ARAMCO, utilities) using Dell systems for operational technology; (5) Telecommunications (STC, Mobily) managing network infrastructure. The vulnerability enables privilege escalation from standard user to system administrator level, potentially compromising entire system integrity and data confidentiality.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare and Medical Institutions Energy and Utilities Telecommunications Critical Infrastructure Defense and Security

🎯 MITRE ATT&CK Techniques

T1548.002 - Abuse Elevation Control Mechanism: Bypass User Account Control T1548.003 - Abuse Elevation Control Mechanism: Sudo and Sudo Caching T1134.003 - Access Token Manipulation: Make and Impersonate Token T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1574.008 - Hijack Execution Flow: DLL Search Order Hijacking T1222.001 - File and Directory Permissions Modification: Windows File and Directory Permissions Modification

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Dell SupportAssist OS Recovery installations across your infrastructure using asset management tools

2. Restrict local access to systems running vulnerable versions through access control lists and physical security measures

3. Disable SupportAssist OS Recovery if not actively required

PATCHING GUIDANCE:

1. Upgrade Dell SupportAssist OS Recovery to version 5.5.15.1 or later immediately

2. Prioritize patching for systems with sensitive data or critical operations

3. Test patches in non-production environments before enterprise deployment

4. Maintain audit logs of all patch deployment activities

COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement strict file system permissions monitoring on temporary directories (/tmp, %TEMP%)

2. Deploy endpoint detection and response (EDR) solutions to monitor privilege escalation attempts

3. Enforce principle of least privilege - remove unnecessary local admin rights

4. Implement application whitelisting to prevent unauthorized execution

5. Monitor and restrict local user account creation and modification

DETECTION RULES:

1. Monitor for suspicious file creation in temporary directories with world-readable/writable permissions

2. Alert on unexpected privilege escalation events from standard users

3. Track SupportAssist OS Recovery process execution and child processes

4. Monitor for exploitation patterns: temporary file access followed by privilege escalation

5. Implement file integrity monitoring on SupportAssist installation directories

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع تثبيتات Dell SupportAssist OS Recovery عبر البنية التحتية باستخدام أدوات إدارة الأصول

2. تقييد الوصول المحلي للأنظمة التي تعمل بإصدارات ضعيفة من خلال قوائم التحكم في الوصول والتدابير الأمنية المادية

3. تعطيل SupportAssist OS Recovery إذا لم يكن مطلوبًا بنشاط

إرشادات التصحيح:

1. ترقية Dell SupportAssist OS Recovery إلى الإصدار 5.5.15.1 أو أحدث فورًا

2. إعطاء الأولوية لتصحيح الأنظمة التي تحتوي على بيانات حساسة أو عمليات حرجة

3. اختبار التصحيحات في بيئات غير الإنتاج قبل نشرها على مستوى المؤسسة

4. الحفاظ على سجلات التدقيق لجميع أنشطة نشر التصحيحات

الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكنًا):

1. تنفيذ مراقبة صارمة لأذونات نظام الملفات في الدلائل المؤقتة

2. نشر حلول الكشف والاستجابة على نقاط النهاية لمراقبة محاولات تصعيد الامتيازات

3. فرض مبدأ أقل امتياز - إزالة حقوق المسؤول المحلي غير الضرورية

4. تنفيذ القائمة البيضاء للتطبيقات لمنع التنفيذ غير المصرح به

5. مراقبة وتقييد إنشاء وتعديل حسابات المستخدمين المحليين

قواعد الكشف:

1. مراقبة إنشاء الملفات المريبة في الدلائل المؤقتة بأذونات قابلة للقراءة/الكتابة للجميع

2. تنبيهات حول أحداث تصعيد الامتيازات غير المتوقعة من المستخدمين العاديين

3. تتبع تنفيذ عملية SupportAssist OS Recovery والعمليات الفرعية

4. مراقبة أنماط الاستغلال: الوصول إلى الملفات المؤقتة متبوعًا بتصعيد الامتيازات

5. تنفيذ مراقبة سلامة الملفات على دلائل تثبيت SupportAssist

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies (privilege escalation prevention) ECC 2024 A.5.2.1 - User Registration and De-registration (least privilege enforcement) ECC 2024 A.5.3.1 - Access Rights Review (monitoring unauthorized privilege elevation) ECC 2024 A.8.1.1 - Information Security Awareness (secure coding and file permissions) ECC 2024 A.12.2.1 - Change Management (patch deployment procedures)

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Asset Management (inventory of vulnerable systems) SAMA CSF PR.AC-1 - Access Control Policy (privilege escalation prevention) SAMA CSF PR.AC-4 - Access Rights Management (least privilege principle) SAMA CSF DE.CM-1 - System Monitoring (detection of privilege escalation) SAMA CSF RS.MI-2 - Incident Response (containment of privilege escalation)

🟡 ISO 27001:2022

ISO 27001:2022 A.5.3 - Segregation of duties (privilege separation) ISO 27001:2022 A.8.2 - Asset management (inventory and control) ISO 27001:2022 A.8.3 - Media handling (temporary file security) ISO 27001:2022 A.9.1 - Access control policy (least privilege) ISO 27001:2022 A.12.6 - Change management (patch procedures)

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Change default vendor passwords PCI DSS 6.2 - Security patches installation PCI DSS 7.1 - Limit access to system components PCI DSS 10.2 - User access logging and monitoring

🔗 References & Sources 1

🔗

https://www.dell.com/support/kbdoc/en-us/000401506/dsa-2025-456

security_alert@emc.com

Vendor Advisory

📦 Affected Products / CPE 1 entries

dell:supportassist_os_recovery

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityH — High

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-378

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-01-13

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-378

🏢 Vendor Advisories

🔗 https://www.dell.com/support/kbdoc/en-us/000401506/d...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-46685

💬 Comments

Introduce Yourself

Sign In Required