CVE-2025-46691
Published: 28 January 2026
Summary
CVE-2025-46691 is a high-severity Improper Access Control (CWE-284) vulnerability in Dell Premiercolor. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely patching of the Dell PremierColor Panel Driver to version 1.0.0.1 A01 or later, eliminating the improper access control flaw.
Enforces least privilege on user accounts, limiting the capabilities of the low-privileged local attacker required to exploit the elevation of privilege vulnerability.
Mandates enforcement of approved access authorizations, countering the driver's flawed access control mechanisms that allow unauthorized privilege escalation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local EoP vulnerability via improper access control directly enables exploitation for privilege escalation to obtain admin rights and arbitrary code execution.
NVD Description
Dell PremierColor Panel Driver, versions prior to 1.0.0.1 A01, contains an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Deeper analysisAI
CVE-2025-46691 is an Improper Access Control vulnerability (CWE-284) in the Dell PremierColor Panel Driver, affecting versions prior to 1.0.0.1 A01. This local elevation of privilege issue allows unauthorized access to restricted resources due to flawed access control mechanisms in the driver, which is part of Dell's software ecosystem for managing display color profiles on supported systems. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts from a low-complexity local attack.
A low-privileged attacker with local access to the affected system can exploit this vulnerability without user interaction. Successful exploitation enables elevation of privileges, potentially granting the attacker full administrative control over the system, allowing arbitrary code execution, data manipulation, or persistence mechanisms.
Dell's security advisory DSA-2025-444, available at https://www.dell.com/support/kbdoc/en-us/000394670/dsa-2025-444?lang=en, provides details on the issue and recommends updating to Dell PremierColor Panel Driver version 1.0.0.1 A01 or later to mitigate the vulnerability. Security practitioners should verify system driver versions and apply the patch promptly on affected Dell endpoints.
Details
- CWE(s)