Malware and password vulnerabilities threaten Dell ControlVault3
Dell's credential storage security solution is vulnerable. Security updates are available.
Various Dell computers running ControlVault3 are vulnerable. To prevent potential attacks, administrators should update the application promptly.
Install Security Patch
Dell ControlVault3 is a hardware-based security solution that stores access credentials such as passwords and biometric data. Attackers could now gain access to this data after successful attacks.
In a warning message, the computer manufacturer lists a total of seven security vulnerabilities. These are found in the Broadcom firmware and drivers. The post also lists the affected laptop models, such as Latitude 7330, Precision 7780, and Pro 13 Plus PB13250. According to the developers, ControlVault3 6.2.36.47 is secured. All previous versions are vulnerable.
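An added example, not from the article or from Dell: a fleet triage that compares each machine's installed ControlVault3 version against the fixed 6.2.36.47 release named above, numerically rather than as strings. The inventory CSV, its column names, host names and the older version numbers are constructed; collecting the installed version from endpoints is assumed to happen elsewhere.

```python
import csv
import io

FIXED = (6, 2, 36, 47)  # fixed ControlVault3 version named in the article

# Constructed inventory export (assumed columns: host, model, cv3_version).
SAMPLE_INVENTORY = """\
host,model,cv3_version
lt-0101,Latitude 7330,6.2.36.47
ws-0207,Precision 7780,6.2.26.36
lt-0312,Pro 13 Plus PB13250,6.2.9.120
lt-0420,Latitude 7330,
ws-0533,Precision 7780,6.2.36.47-beta
"""


def parse_version(text):
    """Return a 4-tuple of ints, or None if the text is not dotted-numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "6.3" to (6, 3, 0, 0)


def triage(inventory_csv):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["cv3_version"] or "")
        if version is None:
            # Missing or unparseable version: never assume patched.
            result[row["host"]] = "unknown"
        elif version >= FIXED:
            result[row["host"]] = "patched"
        else:
            # A plain string comparison would rank "6.2.9.120" above
            # "6.2.36.47" and hide this host; tuple comparison does not.
            result[row["host"]] = "vulnerable"
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check before they are counted as updated.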
The Dangers
Two vulnerabilities (CVE-2025-36553 “high,” CVE-2025-32089 “high”) are considered the most dangerous. Attackers can exploit them with a prepared ControlVault API call to the CvManager functionality. This leads to a buffer overflow, allowing malware to enter systems. After that, computers are generally considered fully compromised.
Another vulnerability (CVE-2025-31649) with a threat level of “high” can allow unauthorized access. The reason for this is a hardcoded password. Furthermore, attackers can gain higher privileges (CVE-2025-31361 “high”).
So far, there are no reports of attackers exploiting the vulnerabilities. Because a password store is an extremely lucrative target for cybercriminals, administrators should install the security update quickly. Otherwise, after a successful attack, attackers can gain extensive access to company PCs.
Just recently, Dell developers closed security vulnerabilities in Alienware Command Center.
(des)