Arbitrary Free Vulnerability in Dell ControlVault3 and ControlVault3 Plus
CVE-2025-25215

8.8HIGH

Key Information:

Vendor

Broadcom
Status
Bcm5820x
Controlvault3
Controlvault3 Plus
Vendor
CVE Published:
13 June 2025

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2025-25215?

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 and ControlVault3 Plus. This flaw, present in versions prior to 5.15.10.14 for ControlVault3 and 6.2.26.36 for ControlVault3 Plus, allows an attacker to exploit a specially crafted ControlVault API call. By forging a fake session, the attacker can trigger the vulnerability, potentially leading to unauthorized actions within the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BCM5820X NA

ControlVault3 0 < 5.15.10.14

ControlVault3 Plus 0 < 6.2.26.36

News Articles

'ReVault' Flaws Impact Millions of Dell Laptops

The security vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

References

https://www.dell.com/support/kbdoc/en-us/000276106/dsa-20...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Philippe Laulheret of Cisco Talos.
JSON
.