HP Support Assistant <9.44.18.0: Local PrivEsc via File Write
CVE-2025-43026 Published on June 5, 2025
HP Support Assistant – Potential Escalation of Privilege
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
Weakness Type
Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Products Associated with CVE-2025-43026
Want to know whenever a new CVE is published for HP Support Assistant? stack.watch will email you.
Affected Versions
HP, Inc. HP Support Assistant Version See HP security bulletin reference for affected versions is affected by CVE-2025-43026Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.