Five vulnerabilities in the ControlVault3 firmware and the associated Windows APIs expose millions of Dell laptops to persistent implants and Windows login bypasses via physical access, Cisco Talos reports.
The issues, tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919, were initially disclosed on June 13, when Dell announced that patches for them had been rolled out for over 100 Dell Pro, Latitude, and Precision models.
The affected component, ControlVault3 (and the ControlVault3+ iteration), is a hardware-based system meant to securely store passwords, biometric information, and security codes.
CVE-2025-24311 and CVE-2025-25050 are out-of-bounds issues that could be triggered via specially crafted ControlVault API calls to leak information or write outside the allocated memory, while CVE-2025-25215 leads to an arbitrary free via a crafted call and can be triggered via a forged session.
CVE-2025-24922 and CVE-2025-24919, a stack-based buffer overflow bug and a deserialization of untrusted input vulnerability, can lead to arbitrary code execution.
According to Talos, an attacker that does not have administrative privileges could interact with ControlVault via the associated API and execute arbitrary code on the firmware, leaking sensitive information affecting the security of the device, which could allow them to modify the firmware.
“This creates the risk of a so-called implant that could stay unnoticed in a laptop’s CV firmware and eventually be used as a pivot back onto the system in the case of a threat actor’s post-compromise strategy,” Talos, which named the flaws ReVault, says.
The security firm also notes that an attacker with physical access to the device could pry it open and access the USH board, allowing the attacker to exploit any of the five vulnerabilities without having to log in or know a full-disk encryption password.
“Another interesting consequence of this scenario is that if a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the CV firmware to accept any fingerprint rather than only allowing a legitimate user’s,” Talos notes.
According to Talos, the vulnerabilities could pose a serious threat to organizations in cybersecurity, government, and other sensitive industries, where strict login requirements increase the likelihood of ControlVault being used.
Dell’s June advisory lists all the affected models and vulnerable firmware versions, as well as the dates when patches were released for them.