CVE-2025-36613: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist software contains an Incorrect Privilege Assignment vulnerability (CVE-2025-36613) affecting SupportAssist for Home PCs versions 4.6.3 and prior, and SupportAssist for Business PCs versions 4.5.3 and prior. The vulnerability was disclosed on August 14, 2025, and received an initial CVSS v3.1 base score of 2.8 (Low) from Dell, while NIST later assessed it at 7.8 (High) (Dell Advisory, NVD).

The vulnerability is classified as an Incorrect Privilege Assignment (CWE-266) issue. According to the CVSS vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N, the vulnerability requires local access, low attack complexity, low privileges, and user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (Dell Advisory).

A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the affected system (Dell Advisory).

Dell has released remediated versions: SupportAssist for Home PCs version 4.8.2.38851 or later, and SupportAssist for Business PCs version 4.9.0 or later. Users are advised to update to these versions to address the vulnerability (Dell Advisory).