What is CVE-2025-38746?

CVE-2025-38746 is a low-severity vulnerability in Dell Supportassist Os Recovery, classified under Information Disclosure. CVSS score: 3.5/10. Published 2025-08-06.

How severe is CVE-2025-38746?

Low severity. CVSS v3 base score is 3.5 out of 10.

Information disclosure in Dell Supportassist Os Recovery

CVE-2025-38746

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability…

Vulnerability class: Information Disclosure

EPSS: 0.001 (27.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Dell Supportassist Os Recovery — versions N/A

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

www.dell.com/support/kbdoc/en-us/000353093/dsa-2025-315 (vendor-advisory)

Frequently asked questions

What is CVE-2025-38746?: CVE-2025-38746 is a low-severity vulnerability in Dell Supportassist Os Recovery, classified under Information Disclosure. CVSS score: 3.5/10. Published 2025-08-06.
How severe is CVE-2025-38746?: Low severity. CVSS v3 base score is 3.5 out of 10.