H-ISAC TLP White Vulnerability Bulletin: Critical ControlVault3 Security Firmware Flaws Discovered

On August 5, 2025, Cisco Talos announced a wide range of vulnerabilities, collectively known as ReVault, affecting over 100 models of Dell laptops, specifically the Latitude and Precision series.

The flaws target the Broadcom BCM5820X security chip within Dell's ControlVault3 (CV) firmware, which is designed to securely store passwords and biometric data. Cisco Talos researchers identified five critical vulnerabilities that allow for potential information leakage, code execution, and firmware modification.

The vulnerabilities have been assigned the following CVEs:

• CVE-2025-24311: An out-of-bounds read vulnerability that enables information leakage
• CVE-2025-25050: An out-of-bounds write flaw allowing code execution
• CVE-2025-25215: An arbitrary memory free vulnerability
• CVE-2025-24922: A stack-based buffer overflow enabling arbitrary code execution
• CVE-2025-24919: An unsafe deserialization flaw in ControlVault’s Windows APIs

This is particularly concerning as attackers could establish persistent undetected access even after a complete operating system reinstallation.

Physical attacks are also possible. An attacker can access the USH board to tamper with the firmware. For example, a compromised laptop's biometric authentication could be modified to accept any fingerprint.

Dell and Broadcom have released firmware updates to address these issues, and customers are urged to apply the patches immediately to versions before ControlVault3

View the detailed bulletin below.