プラットフォーム
hpe
コンポーネント
hp-support-assistant
修正版
9.47.41.0
CVE-2025-10578 describes a privilege escalation vulnerability discovered in HP Support Assistant. Successful exploitation could allow a local attacker to gain elevated privileges by writing arbitrary files. This vulnerability affects versions of HP Support Assistant prior to 9.47.41.0. A patch is available from HP, recommending upgrading to version 9.47.41.0.
The primary impact of CVE-2025-10578 is the potential for a local attacker to escalate their privileges on a system running HP Support Assistant. This means an attacker who already has some level of access to the system could gain administrative or system-level control. The arbitrary file write capability allows the attacker to modify system files or create new files with elevated permissions, effectively bypassing normal access controls. The blast radius is limited to the system where HP Support Assistant is installed, but successful privilege escalation can lead to complete system compromise, including data theft, malware installation, and further lateral movement within the network if the compromised system has access to other resources.
CVE-2025-10578 was publicly disclosed on 2025-10-01. The vulnerability's exploitation context is currently unclear; no public proof-of-concept (PoC) code has been released. It is not listed on the CISA KEV catalog at the time of this writing. The EPSS score is pending evaluation, but the potential for privilege escalation suggests a medium to high probability of exploitation if a PoC is developed.
Systems running HP Support Assistant, particularly those with limited user access controls, are at risk. Organizations that rely on HP Support Assistant for hardware diagnostics and driver updates are particularly vulnerable. Users with administrative privileges on affected systems are at the highest risk.
• windows / supply-chain:
Get-Process -Name "HPSupportAssistant" | Select-Object -ExpandProperty Path• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='HP Support Assistant']]]" -MaxEvents 10• windows / supply-chain: Check Autoruns for suspicious entries related to HP Support Assistant (using tools like Autoruns from Sysinternals).
disclosure
エクスプロイト状況
EPSS
0.01% (1% パーセンタイル)
CISA SSVC
The primary mitigation for CVE-2025-10578 is to upgrade HP Support Assistant to version 9.47.41.0 or later. If an immediate upgrade is not possible due to compatibility issues or testing requirements, consider restricting file write access for the HP Support Assistant process. While not a complete solution, this can limit the attacker's ability to exploit the vulnerability. Monitor system logs for unusual file creation or modification activity related to HP Support Assistant. There are no specific WAF or proxy rules applicable to this vulnerability as it is a local privilege escalation issue.
Actualice HP Support Assistant a la versión 9.47.41.0 o posterior. Esta actualización corrige la vulnerabilidad que permite la escalada de privilegios a través de la escritura arbitraria de archivos. Puede descargar la última versión desde el sitio web oficial de HP o a través del propio HP Support Assistant.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2025-10578 is a vulnerability in HP Support Assistant allowing a local attacker to escalate privileges by writing arbitrary files. Severity is pending evaluation.
You are affected if you are running HP Support Assistant versions prior to 9.47.41.0. Refer to the HP Security Bulletin for a complete list of affected versions.
Upgrade HP Support Assistant to version 9.47.41.0 or later. If immediate upgrade is not possible, restrict file write access for the HP Support Assistant process.
There is no confirmed active exploitation of CVE-2025-10578 at this time, but the potential for privilege escalation warrants caution.
Refer to the HP Security Bulletin referenced in the CVE description for the official advisory and detailed information.