Out-of-Bounds Vulnerabilities in Dell ControlVault3 and ControlVault3 Plus
CVE-2025-36460

7.3HIGH

Key Information:

Vendor: Broadcom
Status: Bcm5820x; Controlvault3; Controlvault3 Plus
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-36460?

Multiple out-of-bounds vulnerabilities have been identified in the functionality of Dell ControlVault3 and ControlVault3 Plus, primarily affecting the ControlVault WBDI Driver. These vulnerabilities can be exploited through a specially crafted API call, specifically via the WinBioControlUnit, which may cause memory corruption. The critical aspect is the submission of a control code that manipulates the received buffer size, potentially allowing attackers to overwrite memory with controlled data if additional vulnerabilities are present.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BCM5820X NA

ControlVault3 0 < 5.15.14.19

ControlVault3 Plus 0 < 6.2.36.47

References

https://www.dell.com/support/kbdoc/en-us/000326061/dsa-20...

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Discovered by Philippe Laulheret of Cisco Talos.

JSON

Broadcom

What is CVE-2025-36460?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.