Platform: dell
Component: dell
Fixed versions: 1.4.0, 1.9.1, 1.8.1, 1.9.1, 1.11.0, 1.42.0
CVE-2025-36579 describes a Weak Password Recovery Mechanism vulnerability found in Dell Client Platform BIOS. This flaw allows an unauthenticated attacker possessing physical access to the system to potentially bypass security measures and gain unauthorized access. The vulnerability impacts BIOS versions ranging from 0.0.0 through 2.39.0, and a fix is available in BIOS version 2.39.0.
The primary impact of CVE-2025-36579 is unauthorized access to the system. Because exploitation requires physical access, the attack vector is limited. However, successful exploitation could allow an attacker to modify system settings, install malicious software, or exfiltrate sensitive data stored on the device. The blast radius is limited to the compromised system itself, but the potential for data theft or system compromise remains significant. This vulnerability highlights the importance of physical security controls alongside software-based security measures.
CVE-2025-36579 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not currently known. The EPSS score is likely low, given the requirement for physical access. The vulnerability was publicly disclosed on 2026-04-16.
Organizations with Dell Client Platform BIOS systems deployed in environments with limited physical security controls are at increased risk. This includes organizations with server rooms accessible to unauthorized personnel, or systems deployed in public areas without adequate physical security measures. Legacy systems running older BIOS versions are particularly vulnerable.
• linux / server:
journalctl -u bios_update | grep -i 'password recovery'
• generic web: Check BIOS configuration pages for unusual password reset options or vulnerabilities. Review system logs for suspicious activity related to password resets.
Exploit status
EPSS: 0.01% (1st percentile)
The primary mitigation for CVE-2025-36579 is to upgrade the Dell BIOS to version 2.39.0 or later. Dell has released a BIOS update specifically addressing this vulnerability. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing enhanced physical security measures, such as restricting physical access to the server room and utilizing physical security devices like locked cabinets and surveillance cameras. After upgrading the BIOS, verify the password recovery mechanism functions as expected and that unauthorized access is prevented.
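To turn the detection and mitigation guidance above into something checkable, here is an added shell example (not Dell's tooling and not from the original page) that compares a Dell client system's reported BIOS version with the fixed version for CVE-2025-36579. The product-to-fixed-version table is an assumption: it contains only the one mapping the page states (Dell Pro 14 Essential PV14250 fixed in 1.11.0) and falls back to the generic 2.39.0 threshold for everything else; `dmidecode` is assumed to be available on Linux.

```shell
#!/bin/sh
# Added example, not Dell's or the page's own tooling: report whether a Dell
# client system's BIOS is still on a version affected by CVE-2025-36579.
# Assumption: product strings match `dmidecode -s system-product-name`, and
# only the "Dell Pro 14 Essential PV14250 -> 1.11.0" mapping is from the page;
# any other product falls back to the generic 2.39.0 threshold stated above.

# fixed_version PRODUCT -> prints the first fixed BIOS version for PRODUCT
fixed_version() {
  case "$1" in
    "Dell Pro 14 Essential PV14250") echo "1.11.0" ;;
    *) echo "2.39.0" ;;   # generic threshold given in the advisory text
  esac
}

# version_lt A B -> succeeds if dotted version A sorts strictly before B
version_lt() {
  [ "$1" = "$2" ] && return 1
  first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
  [ "$first" = "$1" ]
}

# bios_status PRODUCT VERSION -> prints "affected" or "fixed"
bios_status() {
  if version_lt "$2" "$(fixed_version "$1")"; then
    echo "affected"
  else
    echo "fixed"
  fi
}

# check_local_bios -> reads the running system's DMI data (needs root)
check_local_bios() {
  product=$(dmidecode -s system-product-name 2>/dev/null)
  version=$(dmidecode -s bios-version 2>/dev/null)
  [ -n "$product" ] && [ -n "$version" ] || { echo "dmidecode unavailable" >&2; return 2; }
  echo "$product BIOS $version: $(bios_status "$product" "$version")"
}
```

Run `check_local_bios` as root on each endpoint (or feed inventory exports to `bios_status`) to list systems that still need the update.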
Update the BIOS of your Dell Pro 14 Essential PV14250 system to version 1.11.0 or later to mitigate the vulnerability. Download the latest BIOS version from the Dell support website and follow the instructions provided to update the firmware. This update fixes a weak password recovery mechanism that could allow unauthorized access to the system.
CVE-2025-36579 is a medium-severity vulnerability in Dell Client Platform BIOS versions 0.0.0–2.39.0 that allows an unauthenticated attacker with physical access to potentially gain unauthorized access.
You are affected if your Dell Client Platform BIOS is running a version between 0.0.0 and 2.39.0, and you have not upgraded to version 2.39.0 or later.
Upgrade your Dell BIOS to version 2.39.0 or later. Refer to Dell's support website for instructions and download links.
There are currently no reports of CVE-2025-36579 being actively exploited, but the vulnerability remains a potential risk.
Please refer to the Dell Security Advisory page for the most up-to-date information and official advisory regarding CVE-2025-36579.