Dell SupportAssist OS Recovery Symbolic Link Attack Vulnerability Allowing Arbitrary File Deletion and Privilege Escalation

Vulnerability

A symbolic link attack vulnerability has been identified in Dell SupportAssist OS Recovery versions prior to 5.5.13.1. A low-privileged attacker with local access could exploit it, potentially leading to arbitrary file deletion and elevation of privileges.

Impact

Exploitation of this vulnerability could result in unauthorized file deletion and elevated privileges on the affected system.

Remediation

Users can update to Dell SupportAssist OS Recovery version 5.5.13.1 or later. The application typically auto-updates to the latest version. To verify the installed version, check the 'Programs and Features' section in the Control Panel for 'Dell SupportAssist Remediation' and 'Dell SupportAssist OS Recovery Plugin'. Alternatively, the version can be checked in the 'About' section of the application.
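The version check described above can be scripted for use across many endpoints. The following PowerShell is an added example, not part of the original advisory or Dell's tooling. It reads the standard Windows uninstall registry keys that back 'Programs and Features' and compares each matching entry's version with 5.5.13.1. It assumes the two entry names given above appear at the start of DisplayName and that DisplayVersion holds a dotted version string.

```powershell
# Added example: compare installed SupportAssist entries with the fixed release.
$FixedVersion = [version]'5.5.13.1'   # fixed version stated in the advisory
$DisplayNames = @(                     # entry names as given in the advisory
    'Dell SupportAssist Remediation',
    'Dell SupportAssist OS Recovery Plugin'
)
# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SupportAssistStatus {
    # Keep only entries that actually carry a DisplayName value.
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.PSObject.Properties['DisplayName'] }

    foreach ($name in $DisplayNames) {
        # Assumption: prefix match, so a suffixed entry name is still found.
        $found = @($entries | Where-Object { $_.DisplayName -like "$name*" })
        if ($found.Count -eq 0) {
            [pscustomobject]@{ Name = $name; Version = $null; Status = 'NotInstalled' }
            continue
        }
        foreach ($e in $found) {
            $parsed = $null
            # A missing or non-numeric DisplayVersion is reported, not guessed.
            $status = if (-not [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)) {
                'UnknownVersion'
            } elseif ($parsed -lt $FixedVersion) {
                'BelowFixedVersion'
            } else {
                'AtOrAboveFixedVersion'
            }
            [pscustomobject]@{
                Name    = $e.DisplayName
                Version = $e.DisplayVersion
                Status  = $status
            }
        }
    }
}

Get-SupportAssistStatus | Format-Table -AutoSize
```

Entries reported as UnknownVersion should be confirmed manually in the application's 'About' section.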

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 8.3
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.