Cyber Resilience

CVE-2025-46685

Severity: High
Published: 13 January 2026
Modified: 13 February 2026
KEV Added: not listed
Patch: available (see DSA-2025-456 below)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0009 (0.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-46685 is a high-severity Creation of Temporary File With Insecure Permissions (CWE-378) vulnerability in Dell SupportAssist OS Recovery. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010). The CVE ranks at the 0.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, is affected by CVE-2025-46685, a Creation of Temporary File With Insecure Permissions vulnerability (CWE-378). The product creates temporary files with insecure permissions, which can be abused under specific conditions. The vulnerability carries a CVSS v3.1 base score of 7.5 (High), with vector AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, indicating a local attack vector, high attack complexity, low privileges required, user interaction needed, changed scope, and high impact on confidentiality, integrity, and availability.

A low-privileged attacker with local access to the system can potentially exploit this vulnerability to achieve elevation of privileges. Exploitation requires high complexity and user interaction, such as tricking the user into specific actions, but success could grant the attacker escalated rights, enabling full control over the system including high-impact data access, modification, and disruption.

Dell has issued security advisory DSA-2025-456 at https://www.dell.com/support/kbdoc/en-us/000401506/dsa-2025-456, which provides details on the vulnerability and recommends updating to version 5.5.15.1 or later to mitigate the issue. Security practitioners should verify patch deployment on affected systems.

Vulnerability details

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contains a Creation of Temporary File With Insecure Permissions vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

CWE(s): CWE-378 Creation of Temporary File With Insecure Permissions

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

- T1574.010 Services File Permissions Weakness [Stealth]: Adversaries may execute their own malicious payloads by hijacking the binaries used by services.
- T1068 Exploitation for Privilege Escalation [Privilege Escalation]: Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Insecure temp file permissions (CWE-378) directly enables local privilege escalation via file system weaknesses.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-22480 (same product: Dell SupportAssist OS Recovery)
- CVE-2026-22267 (same vendor: Dell)
- CVE-2026-26949 (same vendor: Dell)
- CVE-2026-32658 (same vendor: Dell)
- CVE-2026-24510 (same vendor: Dell)
- CVE-2025-21105 (same vendor: Dell)
- CVE-2025-46691 (same vendor: Dell)
- CVE-2025-24385 (same vendor: Dell)
- CVE-2024-48013 (same vendor: Dell)
- CVE-2026-22768 (same vendor: Dell)

Affected Assets

Dell SupportAssist OS Recovery, versions prior to 5.5.15.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) [AI]

- AC-3 Access Enforcement (prevent): Enforces access permissions on temporary files created by SupportAssist OS Recovery so a low-privileged local user cannot read or modify them to escalate rights.
- AC-6 Least Privilege (prevent): Requires the SupportAssist process and its temporary-file operations to run with only the privileges needed, blocking the insecure permissions that enable elevation.
- Vendor patch (prevent): Mandates prompt installation of the vendor patch (5.5.15.1 or later) that eliminates the insecure temporary-file creation flaw described in DSA-2025-456.