CVE-2025-36612: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Business PCs

Severity: Medium
Tags: Vulnerability, CVE-2025-36612, CWE-266
Published: Thu Aug 14 2025 (08/14/2025, 14:42:06 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: SupportAssist for Business PCs

Description

SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

AI-Powered Analysis

Last updated: 08/22/2025, 01:14:47 UTC

Technical Analysis

CVE-2025-36612 is a vulnerability identified in Dell SupportAssist for Business PCs, specifically in versions 4.5.3 and prior. The vulnerability is categorized under CWE-266, which pertains to Incorrect Privilege Assignment. This flaw allows a low-privileged attacker with local access to the affected system to potentially escalate their privileges. The vulnerability arises because the software improperly assigns privileges, enabling an attacker to gain higher-level permissions than intended. Exploitation requires local access and user interaction, and the attack complexity is high, indicating some difficulty in successfully exploiting the vulnerability. The CVSS v3.1 base score is 6.7, reflecting a medium severity level, with impacts on confidentiality, integrity, and availability all rated high. The vulnerability does not currently have known exploits in the wild, and no patches have been linked yet. The affected product, Dell SupportAssist for Business PCs, is a utility designed to assist with system maintenance and support, typically pre-installed on Dell business-class machines. Given the nature of the vulnerability, an attacker who successfully exploits it could gain elevated privileges, potentially leading to unauthorized access to sensitive data, modification or deletion of critical files, and disruption of system operations.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for enterprises and government agencies that utilize Dell business PCs with SupportAssist installed. The ability for a low-privileged local attacker to escalate privileges could lead to insider threats or compromise through social engineering or physical access. Confidentiality could be breached if sensitive corporate or personal data is accessed or exfiltrated. Integrity risks include unauthorized modification of system files or configurations, potentially undermining system trustworthiness. Availability could also be impacted if critical system components are disrupted or disabled. Organizations with strict compliance requirements, such as GDPR, could face regulatory consequences if data breaches occur due to exploitation of this vulnerability. The requirement for local access limits remote exploitation but does not eliminate risk, as attackers may leverage other attack vectors to gain initial foothold. The lack of known exploits currently reduces immediate threat but does not preclude future exploitation once details become public or tools are developed.

Mitigation Recommendations

European organizations should prioritize the following mitigation steps:

1) Inventory and identify all Dell business PCs running SupportAssist version 4.5.3 or earlier.
2) Monitor Dell's official channels for patches or updates addressing CVE-2025-36612 and apply them promptly once available.
3) Restrict physical and local access to business PCs, enforcing strict access controls and user authentication policies to minimize the risk of local attackers.
4) Implement endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation attempts or suspicious local activity.
5) Educate employees about the risks of local privilege escalation and enforce policies against unauthorized software installation or use.
6) Consider disabling or uninstalling SupportAssist if it is not essential, or limit its permissions to reduce attack surface.
7) Regularly audit system logs for signs of privilege escalation or unauthorized access attempts.

These targeted actions go beyond generic advice by focusing on the specific conditions and context of this vulnerability.
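For step 1, the following is an added PowerShell example (not Dell's code and not part of this advisory) that reads the standard Windows Uninstall registry hives on a host and flags a SupportAssist install whose version is 4.5.3 or lower. The DisplayName fragment "SupportAssist" is an assumption; verify it against your own image before deploying the check fleet-wide.

```powershell
# Added example (not from Dell or the advisory): flag Dell SupportAssist for
# Business PCs installs at or below the affected version 4.5.3 (CVE-2025-36612).
# Assumption: the product registers under the standard Uninstall hive with a
# DisplayName containing "SupportAssist"; adjust $NamePattern if yours differs.

$AffectedMax = [version]'4.5.3'
$NamePattern = 'SupportAssist'   # assumed DisplayName fragment

# Both native and WOW6432Node hives, so 32-bit installs on 64-bit Windows are found.
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SupportAssistStatus {
    $entries = Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$NamePattern*" }

    foreach ($e in $entries) {
        # DisplayVersion may be missing or non-numeric: report it as Unknown,
        # never as NotAffected, so it still gets a manual look.
        $parsed = $null
        $ok = [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)
        if ($ok) {
            # Compare on Major.Minor.Build only: "4.5.3.0" must not sort above "4.5.3".
            $trimmed = [version]::new($parsed.Major, $parsed.Minor, [math]::Max($parsed.Build, 0))
            $state = if ($trimmed -le $AffectedMax) { 'Affected' } else { 'NotAffected' }
        } else {
            $state = 'Unknown'
        }

        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            DisplayName    = $e.DisplayName
            DisplayVersion = $e.DisplayVersion
            Status         = $state
            Reference      = 'CVE-2025-36612'
        }
    }
}

$results = Get-SupportAssistStatus
if (-not $results) {
    Write-Output "$($env:COMPUTERNAME): SupportAssist not found in Uninstall hives."
} else {
    $results | Format-Table -AutoSize
}
```

Run it through your existing remote-execution tooling (Invoke-Command, Intune scripts, or a CM baseline) and collect the Affected and Unknown rows into the inventory that step 2 will act on.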

Technical Details

Data Version: 5.1
Assigner Short Name: dell
Date Reserved: 2025-04-15T21:32:46.456Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689df717ad5a09ad005bb37c

Added to database: 8/14/2025, 2:47:51 PM

Last enriched: 8/22/2025, 1:14:47 AM

Last updated: 8/22/2025, 1:14:47 AM
