CVE-2023-25535: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist for Home PCs Installer Executable file version prior to 3.13.2.19 contains a high-severity vulnerability (CVE-2023-25535) that could result in local privilege escalation (LPE). This vulnerability specifically affects first-time installations performed before March 8, 2023 (Dell Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 HIGH with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H. This indicates that exploitation requires local access, high complexity, high privileges, and user interaction. The scope is changed, and successful exploitation could result in high impacts to confidentiality, integrity, and availability (Dell Advisory).

If successfully exploited, this vulnerability could allow an authenticated malicious user to elevate privileges on the affected system, potentially gaining complete system control. The vulnerability specifically affects the SupportAssistInstaller.exe file used during fresh installations (Dell Advisory).

Dell has addressed this vulnerability in version 3.13.2.19 of the SupportAssistInstaller.exe. Users who downloaded or installed SupportAssist before March 8, 2023, should remove any existing version of the SupportAssistInstaller.exe. It's important to note that the installed SupportAssist for Home PCs application itself is not affected (Dell Advisory).