CVE-2025-46602 is a vulnerability classified under CWE-538, which concerns the insertion of sensitive information into files or directories that are externally accessible. This issue affects Dell SupportAssist OS Recovery software versions prior to 5.5.15.0. The vulnerability allows a low privileged attacker who has local access to the system to insert sensitive data into locations that can be accessed by unauthorized users, leading to potential information exposure. The CVSS v3.1 base score is 4.4, indicating medium severity. The attack vector is local (AV:L), with high attack complexity (AC:H), requiring low privileges (PR:L) and user interaction (UI:R). The scope is unchanged (S:U), and the impact is high on confidentiality (C:H), with no impact on integrity (I:N) or availability (A:N). The vulnerability arises because the software improperly handles sensitive data storage, allowing it to be written to files or directories accessible by other users or processes. Although no exploits are currently known in the wild, the vulnerability could be leveraged in environments where multiple users have local access, such as shared workstations or multi-user systems. This flaw could lead to unauthorized disclosure of sensitive information, potentially including system recovery data or user credentials stored by SupportAssist OS Recovery. The vulnerability was reserved in April 2025 and published in October 2025. No patches are currently linked, but Dell is expected to release updates to address this issue.

For European organizations, the primary impact of CVE-2025-46602 is the potential exposure of sensitive information stored by Dell SupportAssist OS Recovery. This could include recovery data or other confidential system information. The vulnerability requires local access and user interaction, limiting remote exploitation but increasing risk in environments with shared or insufficiently controlled local access, such as corporate offices, data centers, or public access terminals. Information disclosure could facilitate further attacks, including privilege escalation or lateral movement within networks. Confidentiality breaches could lead to compliance violations under GDPR, especially if personal or sensitive data is exposed. The lack of impact on integrity or availability reduces the risk of system disruption but does not diminish the importance of protecting sensitive data. Organizations relying heavily on Dell hardware with SupportAssist OS Recovery installed should consider this vulnerability a moderate risk, particularly in sectors with stringent data protection requirements like finance, healthcare, and government.

1. Restrict local access to systems running Dell SupportAssist OS Recovery to trusted and authorized personnel only, minimizing the risk of low privileged attackers gaining access. 2. Implement strict file system permissions and access controls on directories and files used by SupportAssist OS Recovery to prevent unauthorized read or write operations. 3. Monitor local system activity for unusual file creation or modification events related to SupportAssist OS Recovery directories. 4. Apply vendor patches promptly once Dell releases updates addressing this vulnerability; maintain an active patch management process. 5. Educate users about the risks of local attacks and the importance of not executing untrusted code or scripts on systems with sensitive recovery tools. 6. Consider using endpoint detection and response (EDR) solutions to detect suspicious local activities that could exploit this vulnerability. 7. For environments with multi-user access, consider isolating recovery environments or using virtualization to limit exposure. 8. Review and audit existing SupportAssist OS Recovery configurations to ensure no sensitive information is unnecessarily exposed.