Platform: dell
Component: dell
Fixed in: 1.4.0, 1.9.1, 1.8.1, 1.9.1, 1.11.0, 1.42.0
CVE-2025-36579 describes a Weak Password Recovery Mechanism vulnerability found in Dell Client Platform BIOS. This flaw allows an unauthenticated attacker possessing physical access to the system to potentially bypass security measures and gain unauthorized access. The vulnerability impacts BIOS versions ranging from 0.0.0 through 2.39.0, and a fix is available in BIOS version 2.39.0.
The primary impact of CVE-2025-36579 is unauthorized access to the system. Because exploitation requires physical access, the attack vector is limited. However, successful exploitation could allow an attacker to modify system settings, install malicious software, or exfiltrate sensitive data stored on the device. The blast radius is limited to the compromised system itself, but the potential for data theft or system compromise remains significant. This vulnerability highlights the importance of physical security controls alongside software-based security measures.
CVE-2025-36579 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not currently known. The EPSS score is likely low, given the requirement for physical access. The vulnerability was publicly disclosed on 2026-04-16.
Exploit Status
EPSS: 0.01% (1st percentile)
CISA SSVC
The primary mitigation for CVE-2025-36579 is to upgrade the Dell BIOS to version 2.39.0 or later. Dell has released a BIOS update specifically addressing this vulnerability. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing enhanced physical security measures, such as restricting physical access to the server room and utilizing physical security devices like locked cabinets and surveillance cameras. After upgrading the BIOS, verify the password recovery mechanism functions as expected and that unauthorized access is prevented.
Update your Dell Pro 14 Essential PV14250 system BIOS to version 1.11.0 or later to mitigate the vulnerability. Download the latest BIOS from the Dell support website and follow the provided instructions to update the firmware. This update corrects a weak password recovery mechanism that could allow unauthorized access to the system.
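The "upgrade to the fixed version or later" guidance above turns into an inventory check in practice, and the page's own version numbers show the trap: compared as strings, "1.9.1" sorts after "1.11.0", so a naive script would report a vulnerable firmware as already patched. The script below is an added example, not Dell's or the page's code; the inventory rows are constructed, and the mapping of the page's fixed-in figures to model names is an assumption except for the two the text names (2.39.0 for the generic advisory, 1.11.0 for the Dell Pro 14 Essential PV14250).

```python
import re
from typing import Dict, List, Tuple

# Fixed-in versions quoted on the advisory page. Only the two figures the text
# ties to a named product are mapped; the model strings are assumed inventory keys.
FIXED_IN: Dict[str, str] = {
    "Dell Client Platform BIOS": "2.39.0",
    "Dell Pro 14 Essential PV14250": "1.11.0",
}

_DOTTED = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert a dotted BIOS version such as '1.11.0' into a tuple of ints.

    String comparison is wrong here: '1.9.1' > '1.11.0' lexicographically, so a
    script comparing raw strings would treat 1.9.1 as newer than the 1.11.0 fix.
    """
    text = text.strip()
    if not _DOTTED.match(text):
        raise ValueError(f"unsupported BIOS version format: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(installed: str, fixed: str) -> bool:
    """True when the installed BIOS is older than the version carrying the fix."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return findings for hosts whose BIOS is below the fixed-in version.

    Each row is (hostname, model, bios_version); the version string is what
    Win32_BIOS.SMBIOSBIOSVersion (Windows) or `dmidecode -s bios-version`
    (Linux) reports. Models with no known fixed-in version are flagged for review.
    """
    findings = []
    for host, model, version in inventory:
        fixed = FIXED_IN.get(model)
        if fixed is None:
            findings.append(f"{host}: unknown model {model!r}, review manually")
        elif is_affected(version, fixed):
            findings.append(f"{host}: BIOS {version} < {fixed}, update required")
    return findings


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("lt-001", "Dell Pro 14 Essential PV14250", "1.9.1"),   # below 1.11.0: vulnerable
    ("lt-002", "Dell Pro 14 Essential PV14250", "1.11.0"),  # at the fixed version
    ("lt-003", "Dell Client Platform BIOS", "2.39.0"),      # at the fixed version
    ("lt-004", "Some Other Model", "1.4.0"),                # no mapping: manual review
]
```

Running `triage(SAMPLE_INVENTORY)` lists lt-001 as needing the update and lt-004 for manual review; lt-002 and lt-003 are silent.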
CVE-2025-36579 is a medium-severity vulnerability in Dell Client Platform BIOS versions 0.0.0–2.39.0 that allows an unauthenticated attacker with physical access to potentially gain unauthorized access.
You are affected if your Dell Client Platform BIOS is running a version between 0.0.0 and 2.39.0, and you have not upgraded to version 2.39.0 or later.
Upgrade your Dell BIOS to version 2.39.0 or later. Refer to Dell's support website for instructions and download links.
There are currently no reports of CVE-2025-36579 being actively exploited, but the vulnerability remains a potential risk.
Please refer to the Dell Security Advisory page for the most up-to-date information and official advisory regarding CVE-2025-36579.