Out-of-Bounds Read and Write Vulnerabilities in Dell ControlVault3 Products
CVE-2025-36462

7.3HIGH

Key Information:

Vendor: Broadcom
Status: Bcm5820x; Controlvault3; Controlvault3 Plus
Vendor: CVE Published:; 17 November 2025

What is CVE-2025-36462?

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver functionality of Dell ControlVault3 and Dell ControlVault3 Plus. When an attacker issues a specially crafted WinBioControlUnit call with specific parameters, it can lead to memory corruption by writing null-bytes beyond the intended memory boundaries. This vulnerability is associated with the ControlCode 3 (WBIO_USH_CREATE_CHALLENGE) and can occur when the ReceiveBuferSize is in a specific range. Addressing these vulnerabilities is crucial to prevent potential exploitation.

Affected Version(s)

BCM5820X NA

ControlVault3 0 < 5.15.14.19

ControlVault3 Plus 0 < 6.2.36.47

References

https://www.dell.com/support/kbdoc/en-us/000326061/dsa-20...

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Discovered by Philippe Laulheret of Cisco Talos.

JSON

Broadcom

What is CVE-2025-36462?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit