Symlink Follow in Dell SupportAssist <=4.8.2 Home / <=4.5.3 Biz, File Delete
CVE-2025-43991 Published on October 13, 2025

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior contain a UNIX Symbolic Link (Symlink) Following vulnerability. A low-privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only on the affected system.


Vulnerability Analysis

CVE-2025-43991 can be exploited with local system access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and a high impact on integrity and availability.

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

Weakness Type

What is a Symlink following Vulnerability?

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files. A software system that allows UNIX symbolic links (symlinks) as part of paths, whether in internal code or through user input, can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read, write, or corrupt a file that they originally did not have permission to access.

CVE-2025-43991 has been classified as a Symlink following vulnerability or weakness.


Products Associated with CVE-2025-43991


Affected Versions

Dell SupportAssist for Home PCs: Dell SupportAssist for Business PCs:

Exploit Probability

EPSS: 0.03%
Percentile: 9.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.