
CVE-2025-36613: CWE-266: Incorrect Privilege Assignment in Dell SupportAssist for Home PCs

Severity: Low
Tags: Vulnerability, CVE-2025-36613, cve, cwe-266
Published: Thu Aug 14 2025 (08/14/2025, 14:46:53 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: SupportAssist for Home PCs

Description

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access.

AI-Powered Analysis

Last updated: 08/14/2025, 15:20:20 UTC

Technical Analysis

CVE-2025-36613 is an Incorrect Privilege Assignment vulnerability (CWE-266) in Dell SupportAssist for Home PCs (versions 4.6.3 and prior) and SupportAssist for Business PCs (versions 4.5.3 and prior). SupportAssist is a utility that helps users maintain their Dell systems by providing automated support, diagnostics, and updates. The vulnerability allows a low-privileged local attacker to exploit improper privilege assignments within the software, potentially escalating privileges or gaining unauthorized access to certain functionality or data. The CVSS 3.1 base score is 2.8, which is low severity. The attack vector is local (AV:L), so the attacker needs local access to the machine; attack complexity is low (AC:L); the attacker needs only low privileges (PR:L), but user interaction is required (UI:R). The vulnerability has no confidentiality or availability impact but can affect integrity. No exploits are currently reported in the wild, and no patches are linked yet. In short, this is a local privilege escalation or unauthorized access issue: incorrect privilege assignment within the SupportAssist application could let an attacker perform actions beyond their intended permission level.

Potential Impact

For European organizations, the impact of this vulnerability is generally limited due to the low severity and local access requirement. However, Dell SupportAssist is widely used across both consumer and business segments in Europe, especially in enterprises relying on Dell hardware for endpoint management. If an attacker gains local access—such as through physical access, social engineering, or via other compromised accounts—they could leverage this vulnerability to escalate privileges or bypass restrictions within the SupportAssist application. This could lead to unauthorized changes in system configurations or access to diagnostic data, potentially aiding further attacks or persistence. While the vulnerability does not directly compromise confidentiality or availability, the integrity impact could facilitate lateral movement or privilege escalation chains in targeted attacks. Organizations with less stringent endpoint physical security or those with many remote or mobile users might face higher risks. Additionally, environments with shared or multi-user systems could be more vulnerable to exploitation. Overall, the threat is moderate but should not be ignored, especially in sensitive or regulated sectors where even low-level privilege escalations can have compliance or operational consequences.

Mitigation Recommendations

To mitigate this vulnerability effectively, European organizations should:

1) Immediately verify the version of Dell SupportAssist installed on all endpoints and prioritize upgrading to versions beyond 4.6.3 for Home PCs and 4.5.3 for Business PCs once patches are released.
2) Until patches are available, restrict local access to endpoints by enforcing strict physical security controls and limiting the user accounts that have local login rights.
3) Implement application whitelisting and endpoint protection solutions that can monitor or block unauthorized attempts to exploit privilege assignments within SupportAssist.
4) Apply least-privilege principles to user accounts, ensuring users do not hold unnecessary local privileges that could be leveraged.
5) Monitor system logs and SupportAssist activity for unusual behavior indicative of privilege escalation attempts.
6) Educate users about the risks of local access attacks and enforce policies that prevent unauthorized physical or remote access.
7) Coordinate with Dell support channels to receive timely updates and patches, and test them in controlled environments before wide deployment.

These steps go beyond generic advice by focusing on controlling local access vectors and monitoring the specific application involved.
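An added example for step 1, not part of the advisory and not Dell's own tooling: a PowerShell audit that reads SupportAssist entries from the Windows uninstall registry keys and flags versions inside the affected ranges stated above. The DisplayName patterns used to recognise the product and to tell the Business edition from the Home edition are assumptions.

```powershell
# Added example, not from the advisory or from Dell: audit installed
# SupportAssist versions against the affected ranges in CVE-2025-36613.
# Assumption: uninstall entries named "*SupportAssist*" are the product, and a
# DisplayName containing "Business" is the Business PCs edition (else Home).

$AffectedUpTo = @{
    Home     = [version]'4.6.3'   # Home PCs: 4.6.3 and prior are affected
    Business = [version]'4.5.3'   # Business PCs: 4.5.3 and prior are affected
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-SupportAssistAffected {
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [string]$DisplayVersion
    )
    $edition = if ($DisplayName -match 'Business') { 'Business' } else { 'Home' }
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return [pscustomobject]@{ Name = $DisplayName; Edition = $edition;
                                  Version = $DisplayVersion; Affected = 'Unknown' }
    }
    # Compare on major.minor.build only, so a build such as 4.6.3.1234 still
    # counts as 4.6.3 (and therefore as affected) rather than as "newer".
    $short = [version]::new($parsed.Major, $parsed.Minor, [Math]::Max($parsed.Build, 0))
    [pscustomobject]@{
        Name     = $DisplayName
        Edition  = $edition
        Version  = $DisplayVersion
        Affected = ($short -le $AffectedUpTo[$edition])
    }
}

$results = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' } |
    ForEach-Object {
        Test-SupportAssistAffected -DisplayName $_.DisplayName `
                                   -DisplayVersion ([string]$_.DisplayVersion)
    }

if (-not $results) {
    Write-Output 'No Dell SupportAssist entries found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on each endpoint, or push it through your endpoint-management tooling to collect the results fleet-wide.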


Technical Details

Data Version: 5.1
Assigner Short Name: dell
Date Reserved: 2025-04-15T21:32:46.456Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 689dfaa3ad5a09ad005bd07b

Added to database: 8/14/2025, 3:02:59 PM

Last enriched: 8/14/2025, 3:20:20 PM

Last updated: 8/14/2025, 3:20:20 PM
