Cyber Web Spider Blog – News

Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks

Posted on August 6, 2025 By CWS

A series of vulnerabilities impacts millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide.

The vulnerabilities, collectively dubbed “ReVault,” target the Broadcom BCM5820X security chip embedded in Dell’s ControlVault3 firmware, creating opportunities for attackers to steal passwords and biometric data and to maintain persistent access to compromised systems.

The vulnerabilities affect more than 100 different models of Dell laptops, primarily from the business-focused Latitude and Precision series that are widely deployed in sensitive environments.

These devices are commonly found in cybersecurity firms, government facilities, and rugged deployments where enhanced security features like smartcard and NFC authentication are essential.

Dell ControlVault serves as a “hardware-based security solution that provides a secure bank that stores your passwords, biometric templates, and security codes within the firmware,” according to the company.

The system operates on a separate daughter board called a Unified Security Hub (USH), which connects various security peripherals, including fingerprint readers, smart card readers, and NFC devices.

ReVault Attack – 5 Critical Vulnerabilities

Cisco Talos researchers identified five distinct vulnerabilities in the ControlVault3 and ControlVault3+ systems:

CVE-2025-24311: An out-of-bounds read vulnerability that enables information leakage

CVE-2025-25050: An out-of-bounds write flaw allowing code execution

CVE-2025-25215: An arbitrary memory free vulnerability

CVE-2025-24922: A stack-based buffer overflow enabling arbitrary code execution

CVE-2025-24919: An unsafe deserialization flaw in ControlVault’s Windows APIs

All vulnerabilities received CVSS scores above 8.0, classifying them as “high” severity threats. The combination of these flaws creates particularly dangerous attack scenarios that security experts warn could have far-reaching consequences.

The most concerning aspect of the ReVault vulnerabilities is their potential for establishing a persistent compromise that remains undetected even after a complete Windows reinstallation.

Attack Scenario (Source: Talos)

According to the researchers, a non-administrative user can interact with ControlVault firmware through Windows APIs to trigger arbitrary code execution, allowing attackers to extract cryptographic keys and permanently modify the firmware.

“This creates the risk of a so-called implant that could stay unnoticed in a laptop’s ControlVault firmware and eventually be used as a pivot back onto the system in the case of a threat actor’s post-compromise strategy,” the Talos team explained in their technical disclosure.

The persistent nature of these attacks represents a significant escalation in firmware-based threats, because the malicious code resides below the operating system level, where traditional antivirus solutions cannot detect or remove it.

Beyond remote exploitation, the vulnerabilities also enable devastating physical attacks. Researchers demonstrated that an attacker with brief physical access to a laptop can open the chassis and directly access the USH board via USB using a custom connector.

This approach bypasses the need for system login credentials or knowledge of full-disk encryption passwords.

Researchers showed how tampered ControlVault firmware could be configured to accept any fingerprint for authentication, including non-human objects like vegetables.

A video released by Cisco Talos shows a spring onion successfully unlocking a compromised Dell laptop, highlighting the complete breakdown of biometric security controls.

“If a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the ControlVault firmware to accept any fingerprint rather than only allowing a legitimate user’s,” the researchers noted.

Dell Response

Dell responded promptly to the vulnerability disclosure, working with Broadcom to develop and distribute firmware updates beginning in March 2025.

The company notified customers of the critical security issues on June 13, 2025, and has been releasing patches through both Windows Update and Dell’s support website.

“Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy,” a Dell spokesperson stated. The company emphasized that no evidence of active exploitation has been found in the wild.

The vulnerabilities affect Dell ControlVault3 versions prior to 5.15.10.14 and Dell ControlVault3+ versions prior to 6.2.26.36. Organizations are strongly urged to apply firmware updates immediately, because the automatic deployment through Windows Update may not reach all enterprise environments with restricted update policies.
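For fleets where Windows Update cannot be relied on, the version thresholds above can be checked against an asset inventory. The following is an added example, not code from the article, Dell or Talos; the CSV layout, host names and sample versions are constructed, and how the firmware version is collected from each machine is assumed to be handled elsewhere.

```python
import csv
import io

# First fixed versions, as stated in the article.
FIXED = {
    "ControlVault3": (5, 15, 10, 14),
    "ControlVault3+": (6, 2, 26, 36),
}

# Constructed sample inventory (hypothetical hosts, column names and versions).
SAMPLE_INVENTORY = """host,product,version
lat-001,ControlVault3,5.14.3.16
lat-002,ControlVault3,5.15.10.14
prec-003,ControlVault3+,6.2.9.4
prec-004,ControlVault3+,6.10.0.0
lat-005,ControlVault3,unknown
lat-006,ControlVault3 Plus,6.2.26.36
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None unless it is four dotted numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to 'vulnerable', 'patched' or 'review' (could not be evaluated)."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"].strip())
        version = parse_version(row["version"])
        if fixed is None or version is None:
            # Unknown product label or unparseable version: never assume patched.
            result[row["host"]] = "review"
        elif version < fixed:
            # Numeric tuple comparison; a string comparison would wrongly
            # rank "6.10.0.0" below "6.2.26.36".
            result[row["host"]] = "vulnerable"
        else:
            result[row["host"]] = "patched"
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts that come back as `review` carry a product label or version string the script could not interpret and should be checked by hand rather than counted as patched.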

“These findings highlight the importance of evaluating the security posture of all hardware components within your devices, not just the operating system or software,” the Cisco Talos researchers concluded. “Staying vigilant, patching your systems and proactively assessing risk are essential to safeguard your systems against evolving threats.”

Dell Security Advisory DSA-2025-053 contains full details on affected models and remediation procedures. Organizations can access updated firmware through Dell’s support website or via Windows Update mechanisms.
