CVE-2025-46685
Published: 13 January 2026
Summary
CVE-2025-46685 is a high-severity Creation of Temporary File With Insecure Permissions (CWE-378) vulnerability in Dell SupportAssist OS Recovery. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010). The CVE is ranked at the 0.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, is affected by CVE-2025-46685, a Creation of Temporary File With Insecure Permissions vulnerability (CWE-378). The product creates temporary files with insecure permissions, which can be abused under specific conditions. The vulnerability carries a CVSS v3.1 base score of 7.5 (High), with vector AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating a local attack vector, high attack complexity, low privileges required, user interaction required, changed scope, and high impact on confidentiality, integrity, and availability.
A low-privileged attacker with local access to the system can potentially exploit this vulnerability to achieve elevation of privileges. Exploitation has high complexity and requires user interaction, such as tricking the user into specific actions, but success could grant the attacker escalated rights and therefore full control over the system, including high-impact data access, modification, and disruption.
Dell has issued security advisory DSA-2025-456 at https://www.dell.com/support/kbdoc/en-us/000401506/dsa-2025-456, which provides details on the vulnerability and recommends updating to version 5.5.15.1 or later to mitigate the issue. Security practitioners should verify patch deployment on affected systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2229
Vulnerability details
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.
- CWE(s): CWE-378 (Creation of Temporary File With Insecure Permissions)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1574.010 (Services File Permissions Weakness)
Why these techniques?
Insecure temporary-file permissions (CWE-378) directly enable local privilege escalation through file-system permission weaknesses.
Affected Assets
- Dell SupportAssist OS Recovery, versions prior to 5.5.15.1
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): enforces access permissions on temporary files created by SupportAssist OS Recovery so a low-privileged local user cannot read or modify them to escalate rights.
- AC-6 (Least Privilege): requires the SupportAssist process and its temporary-file operations to run with only the privileges needed, blocking the insecure permissions that enable elevation.
- Flaw remediation: mandates prompt installation of the vendor patch (5.5.15.1 or later) that eliminates the insecure temporary-file creation flaw described in DSA-2025-456.