Creation of Temporary File With Insecure Permissions

CVE-2025-38747

High

7.8/10

Summary

Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-378 - Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

References

Advisory Timeline

Published Aug 06, 2025

Creation of Temporary File With Insecure Permissions

CVE-2025-38747

Summary

CWE-378 - Creation of Temporary File With Insecure Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS