CVE-2025-38738: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

CVE-2025-38738 affects Dell SupportAssist for Home PCs Installer version 4.8.2.29006 and prior versions. The vulnerability was disclosed on August 14, 2025, and involves an Incorrect Privilege Assignment vulnerability in the Installer component. This security flaw specifically impacts the installation process of Dell SupportAssist for Home PCs (Dell Advisory).

The vulnerability is classified as an Incorrect Privilege Assignment (CWE-266) with a CVSS v3.1 Base Score of 6.7 (Medium). The CVSS vector string is CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H, indicating local access required, high attack complexity, low privileges required, user interaction required, and high impact on confidentiality, integrity, and availability (Dell Advisory).

If exploited, this vulnerability could lead to elevation of privileges on the affected system. The vulnerability is only active during the installation process and does not have any attack vectors after the installation is completed. It does not impact any version of already installed SupportAssist for Home PCs (Dell Advisory).

Dell has released version 4.8.2.38851 which remedies this vulnerability. The fix has been deployed to systems in production to remediate new installations and future upgrades. Customers are not required to take any action and should not uninstall or reinstall SupportAssist for Home PCs that is already on their systems (Dell Advisory).

Dell has acknowledged the vulnerability discovery by crediting Ouallaout Noureddine for reporting this issue (Dell Advisory).