CVE-2025-38746 LOW

CVE-2025-38746

Vendor Dell

Product SupportAssist OS Recovery

Weakness CWE-200 · Info exposure

Published August 6, 2025

Last update August 6, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.

Key dates

02Disclosure timeline

August 6, 2025 CVE published

August 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-38746 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2022-39030 Smart eVision - Exposure of Sensitive Information to an Unauthorized Actor -2 CVE-2026-1980 WPBookit <= 1.0.8 - Missing Authorization to Unauthenticated Sensitive Customer Data Exposure CVE-2016-6548 Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token CVE-2021-41263 Secure/signed cookies share secrets between sites in rails_multisite CVE-2021-24122 Apache Tomcat information disclosure