CVE-2025-43019 MEDIUM

CVE-2025-43019: HP Support Assistant – Potential Escalation of Privilege

Vendor Hp Inc.

Product HP Support Assistant

Weakness CWE-269

Published July 8, 2025

Last update July 8, 2025

View on NVD All CVEs

CVSS base score

5.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

Key dates

02Disclosure timeline

July 8, 2025 CVE published

July 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-43019 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2019-3585 VSE Escalation of Privileges through Alert pop-up window CVE-2024-11128 Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS CVE-2026-33074 Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions CVE-2023-7080 Arbitrary remote code execution within wrangler dev Workers sandbox CVE-2023-43664 Employee without any access rights can list all installed modules in Prestashop

Identifiers

CVE CVE-2025-43019

CWE CWE-269

CVSS 5.8 / MEDIUM

Affected versions

Vendor Hp Inc.

Product HP Support Assistant

Affected See HP Security Bulletin reference for affected versions.