Lucene search
K

Dell Client BIOS Stack-based Buffer Overflow (DSA-2025-088)

🗓️ 11 Apr 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 10 Views

Dell Client BIOS vulnerability allows local high privileged attackers to execute arbitrary code.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-29988
9 Apr 202503:15
attackerkb
Circl
CVE-2025-29988
9 Apr 202502:47
circl
CNNVD
Dell Client Platform BIOS 安全漏洞
9 Apr 202500:00
cnnvd
CNVD
Dell Client Platform BIOS Buffer Overflow Vulnerability
18 Apr 202500:00
cnvd
CVE
CVE-2025-29988
9 Apr 202502:25
cve
Cvelist
CVE-2025-29988
9 Apr 202502:25
cvelist
EUVD
EUVD-2025-10416
3 Oct 202520:07
euvd
NVD
CVE-2025-29988
9 Apr 202503:15
nvd
OSV
CVE-2025-29988
9 Apr 202503:15
osv
Positive Technologies
PT-2025-15669 · Dell · Dell Client Platform Bios
9 Apr 202500:00
ptsecurity
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(234229);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/04/11");

  script_cve_id("CVE-2025-29988");
  script_xref(name:"IAVA", value:"2025-A-0251");

  script_name(english:"Dell Client BIOS Stack-based Buffer Overflow (DSA-2025-088)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local
access could potentially exploit this vulnerability, leading to arbitrary code execution.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.dell.com/support/kbdoc/en-in/000283859/dsa-2025-088");
  script_set_attribute(attribute:"solution", value:
"Apply the security patch in accordance with the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-29988");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/04/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:bios");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("bios_get_info_wmi.nbin");
  script_require_keys("BIOS/Model", "BIOS/Version", "BIOS/Vendor");

  exit(0);
}

include('vcf_extras.inc');

var app_name = 'Dell Inc.';
var app_info = vcf::dell_bios_win::get_app_info(app:app_name);
var model = app_info['model'];

var fix = '';
if (!model)
  exit(0, 'The model of the device running the Dell BIOS could not be identified.');

if (model == 'Dell Pro 14 Plus PB14250') fix = '2.1.5';
  else if (model == 'Latitude 5430 Rugged') fix = '1.35.0';
  else if (model == 'Latitude 7330 Rugged') fix = '1.35.0';
  else if (model == 'Precision 3660') fix = '2.24.0';
  else if (model == 'Vostro 5890') fix = '1.33.0';
  else audit(AUDIT_HOST_NOT, 'an affected model');

var constraints = [{ 'fixed_version' : fix, 'fixed_display': fix + ' for ' + model }];
# Have a more useful audit message
app_info.app = 'Dell System BIOS for ' + model;

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Apr 2025 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.16.7 - 6.9
EPSS0.00168
SSVC
10