Dell ControlVault: Attackers can completely compromise systems

Dell's ControlVault is designed to secure the login with its own hardware. Security loopholes in it allow the systems to be compromised.


(Image: vectorfusionart/Shutterstock.com)


There are security gaps in the drivers and firmware in Dell's ControlVault that allow attackers to inject and execute malicious code and thus take over systems. Dell offers updated software to close the security leaks.

Dell ControlVault is designed to store sensitive information, such as passwords, biometric credentials and security codes, securely in dedicated hardware. It provides a protected environment for managing authentication methods such as fingerprint recognition, smart card support or NFC. To achieve this, hardware drivers, a driver for the Windows biometric framework and the ControlVault firmware must be installed on the devices. Dell is now warning of five security vulnerabilities in the drivers and firmware, all of which it rates as high risk.

Dell gives few details about the vulnerabilities in its advisory: it names only the CVE numbers and rates the overall risk as "critical", even though the individual CVSS scores correspond to "high". In Dell ControlVault 3 and the Plus variant, a crafted API call can lead to writes outside the intended memory bounds (CVE-2025-25050 / EUVD-2025-18302, CVSS 8.8, risk "high"). In the securebio_identify function, a manipulated cv_object can trigger a stack buffer overflow and subsequently the execution of injected malicious code (CVE-2025-24922 / EUVD-2025-18303, CVSS 8.8, risk "high"). Attackers can use crafted API calls to provoke an unplanned release of resources; the advisory gives no indication of what this can be abused for (CVE-2025-25215 / EUVD-2025-18306, CVSS 8.8, risk "high").

Furthermore, a manipulated API call enables reads outside the intended memory bounds, giving malicious actors unauthorized access to information (CVE-2025-24311 / EUVD-2025-18304, CVSS 8.4, risk "high"). If attackers cause compromised ControlVault firmware to return a malicious response to a cvhDecapsulateCmd command, this can lead to deserialization of untrusted input and subsequent execution of arbitrary code (CVE-2025-24919 / EUVD-2025-18307, CVSS 8.1, risk "high").


Dell ControlVault3 5.15.10.14 and Dell ControlVault3 Plus 6.2.26.36 and newer fix the vulnerabilities. Broadcom's BCM5820X is also affected, but Dell has not named any software versions that fix the problems there.

The list of affected devices, however, is detailed. In the advisory, Dell also links to updated software packages for each device, which admins and users should download and install promptly. The manufacturer lists several devices from the Dell Pro Max, Dell Pro Plus, Dell Pro Rugged, Latitude Tablets, Latitude 2-in-1, Latitude, Latitude Detachable and Precision series. Anyone who owns these models should download and install the available updates as soon as possible. Some of them have been available since March.
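As an added triage check (not from the article or from Dell), the following PowerShell enumerates ControlVault devices on a Windows host and compares the driver version Windows reports with the fixed versions named above. The device-name match and the mapping between that driver version and Dell's ControlVault3 / ControlVault3 Plus package version are assumptions, so treat a hit as a prompt to consult Dell's device-specific advisory rather than as a verdict.

```powershell
# Added example, not code from the heise article or from Dell's advisory.
# Lists PnP drivers whose device name mentions ControlVault and compares the
# reported driver version with the fixed versions the article names.
# ASSUMPTIONS: the device name contains "ControlVault" (a guess), "Plus" in the
# name selects the Plus product line, and the version Windows reports for the
# driver corresponds to the package version in Dell's advisory.
# Dell's per-device advisory is authoritative; this is only a triage hint.

$fixed = @{
    'ControlVault3'      = [version]'5.15.10.14'   # version from the article
    'ControlVault3 Plus' = [version]'6.2.26.36'    # version from the article
}

$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -like '*ControlVault*' }

if (-not $drivers) {
    Write-Output 'No ControlVault device found on this host.'
    return
}

foreach ($d in $drivers) {
    $ver = $null
    if (-not [version]::TryParse($d.DriverVersion, [ref]$ver)) {
        Write-Output ("{0}: unparseable driver version '{1}', check manually" -f
            $d.DeviceName, $d.DriverVersion)
        continue
    }

    # Product line by name (assumption, see header comment).
    $line = if ($d.DeviceName -match 'Plus') { 'ControlVault3 Plus' } else { 'ControlVault3' }

    $status = if ($ver -ge $fixed[$line]) {
        'at or above fixed version'
    } else {
        'BELOW fixed version, install Dell update'
    }

    Write-Output ("{0} [{1}]: driver {2}, baseline {3} {4} -> {5}" -f
        $d.DeviceName, $d.DeviceID, $ver, $line, $fixed[$line], $status)
}
```

Run it in an elevated PowerShell session on the Dell client; a result below the baseline, or a device name that does not match at all, should be cross-checked against the device list in Dell's advisory.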

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.