Stack-based Buffer Overflow in Dell Client Platform BIOS
CVE-2025-29988
6.9 MEDIUM
Summary
Dell Client Platform BIOS contains a stack-based buffer overflow vulnerability. A high-privileged attacker with local access could exploit it, which may result in arbitrary code execution on the affected system. Users of affected BIOS versions should assess their risk and implement the necessary security measures.
Affected Version(s)
Dell Client Platform BIOS < 2.1.5
Dell Client Platform BIOS < 1.35.0
Dell Client Platform BIOS < 2.24.0
References
CVSS V3.1
Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dell would like to thank Matsuo Kazuki from FFRI Security, Inc. for reporting this issue.