What is CVE-2025-46602?

CVE-2025-46602 is a medium-severity vulnerability in Dell Supportassist Os Recovery, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 4.4/10. Published 2025-10-27.

How severe is CVE-2025-46602?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Information disclosure in Dell Supportassist Os Recovery

CVE-2025-46602

Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could potentially exploit thi…

EPSS: 0.000 (2.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N.

Affected products

Dell Supportassist Os Recovery — versions N/A

Weakness classification (CWE)

CWE-538 — Insertion of Sensitive Information into Externally-Accessible File or Directory

References

www.dell.com/support/kbdoc/en-us/000382443/dsa-2025-403 (vendor-advisory)

Frequently asked questions

What is CVE-2025-46602?: CVE-2025-46602 is a medium-severity vulnerability in Dell Supportassist Os Recovery, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 4.4/10. Published 2025-10-27.
How severe is CVE-2025-46602?: Medium severity. CVSS v3 base score is 4.4 out of 10.