Cyber Posture

CVE-2026-25908

Medium · LPE

Published: 27 April 2026

Modified: 28 April 2026
KEV Added
Patch
CVSS Score: 6.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.6th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25908 is a medium-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Dell Alienware Command Center. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 2.6th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly counters execution with unnecessary privileges by ensuring AWCC and related processes operate with the minimum access rights required, preventing low-privileged local attackers from escalating privileges.

prevent

Requires timely flaw remediation, such as applying Dell's AWCC update to version 6.13.8.0 or later, directly eliminating the vulnerability and blocking exploitation.

prevent

Enforces approved access control policies at the system level, mediating and blocking unauthorized privilege escalations attempted via the AWCC vulnerability.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

CWE-250 Execution with Unnecessary Privileges in a locally-installed Dell utility directly enables local privilege escalation; ATT&CK maps this to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

Deeper analysis [AI]

CVE-2026-25908 is an Execution with Unnecessary Privileges vulnerability (CWE-250) in Dell Alienware Command Center (AWCC), affecting versions prior to 6.13.8.0. Published on 2026-04-27T18:16:53.360, the issue has a CVSS v3.1 base score of 6.7 (AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating medium severity with high impacts to confidentiality, integrity, and availability if exploited.

A low-privileged attacker with local access could potentially exploit this vulnerability to achieve elevation of privileges. Exploitation requires high attack complexity and user interaction, limiting its practicality but allowing an attacker to gain higher privileges on the affected system.

Dell's security advisory DSA-2026-192 provides a security update for AWCC 6.x addressing multiple vulnerabilities, including CVE-2026-25908. Security practitioners should recommend updating to version 6.13.8.0 or later to mitigate the risk.

Details

CWE(s)

Affected Products

Vendor: dell
Product: alienware command center
Version: ≤ 6.13.8.0

CVEs Like This One

CVE-2026-32655 (Same product: Dell Alienware Command Center)
CVE-2026-24510 (Same product: Dell Alienware Command Center)
CVE-2024-48013 (Same vendor: Dell)
CVE-2026-27102 (Same vendor: Dell)
CVE-2025-21105 (Same vendor: Dell)
CVE-2026-25906 (Same vendor: Dell)
CVE-2026-23857 (Same vendor: Dell)
CVE-2026-35155 (Same vendor: Dell)
CVE-2026-22765 (Same vendor: Dell)
CVE-2026-26949 (Same vendor: Dell)
