CVE-2025-43991

SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.

Published: Oct 13, 2025
Updated: Nov 5, 2025
CVE: CVE-2025-43991
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

CWEs:

CWE-61

Affected Software
References

Software	From	Fixed in
dell / supportassist_for_business_pcs	-	4.5.3.25254
dell / supportassist_for_home_pcs	-	4.8.2.29006

https://www.dell.com/support/kbdoc/en-us/000378367/dsa-2025-362-security-update-for-dell-supportassist-for-home-pcs-and-dell-supportassist-for-business-pcs-vulnerabilities

Vulnerability Database

CVE-2025-43991

Deep Security Visibility Without the Complexity