CVE-2025-38746

Published Aug 6, 2025

Last updated 7 months ago

CVSS low 3.5

Overview

Description: Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
Source: security_alert@emc.com
NVD status: Analyzed
Products: supportassist_os_recovery

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.4
Impact score: 1.4
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

Weaknesses

security_alert@emc.com: CWE-200

Hype score: Not currently trending

CVE-2025-38746 Dell SupportAssist OS Recovery Information Disclosure Vul... https://t.co/xMwlfk9dDC Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd
@VulmonFeeds
6 Aug 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:supportassist_os_recovery:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "23BD8270-8E44-4B09-9C58-34B1C76D1AB8",
            "versionEndExcluding": "5.5.14.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References