CVE-2025-22480

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/02/2025
Last modified:
18/02/2025

Description

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dell:supportassist:*:*:*:*:*:*:*:* 5.5.13.1 (excluding)


References to Advisories, Solutions, and Tools