Cyber Posture

CVE-2025-22480

High

Published: 13 February 2025

Published
13 February 2025
Modified
24 September 2025
KEV Added
Patch
CVSS Score 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0006 20.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22480 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Dell Supportassist Os Recovery. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the symbolic link vulnerability by requiring timely flaw remediation through application of the vendor patch to Dell SupportAssist OS Recovery version 5.5.13.1 or later.

AC-25 Reference Monitor good match
prevent

Implements a tamper-resistant reference monitor that mediates all file access decisions, preventing exploitation via improper symbolic link resolution as in CWE-59 and CWE-61.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to limit the scope of low-privileged local attackers, reducing the impact of privilege escalation and arbitrary file deletion enabled by the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
Why these techniques?

Vulnerability enables local privilege escalation via symbolic link manipulation (T1068) and directly allows arbitrary file deletion (T1070.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges.

Deeper analysisAI

CVE-2025-22480 is a symbolic link attack vulnerability affecting Dell SupportAssist OS Recovery versions prior to 5.5.13.1. The issue, published on 2025-02-13, is linked to CWE-61 (Symbolic Race Condition) and CWE-59 (Improper Link Resolution Before File Access), enabling exploitation through manipulated symbolic links during file operations.

A low-privileged local attacker (PR:L) can exploit this vulnerability with high attack complexity (AC:H) and no user interaction required (UI:N). Successful exploitation allows arbitrary file deletion and elevation of privileges, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H). The CVSS v3.1 base score is 7.0 (High), with local access vector (AV:L) and no scope change (S:U).

Dell advisory DSA-2025-051, available at https://www.dell.com/support/kbdoc/en-us/000275712/dsa-2025-051, addresses this vulnerability. Mitigation requires updating Dell SupportAssist OS Recovery to version 5.5.13.1 or later.

Details

CWE(s)
CWE-61CWE-59

Affected Products

dell
supportassist os recovery
≤ 5.5.13.1

CVEs Like This One

CVE-2025-46685Same product: Dell Supportassist Os Recovery
CVE-2026-25906Same vendor: Dell
CVE-2026-22767Same vendor: Dell
CVE-2026-32655Same vendor: Dell
CVE-2026-27102Same vendor: Dell
CVE-2025-21105Same vendor: Dell
CVE-2026-23857Same vendor: Dell
CVE-2026-35155Same vendor: Dell
CVE-2026-24510Same vendor: Dell
CVE-2026-22765Same vendor: Dell

References