API Security Blog

Dell ControlVault3 cv_upgrade_sensor_firmware out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2025-2137
August 9, 2025

CVE Number
CVE-2025-25050

SUMMARY
An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 5.14.3.0. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability.

CONFIRMED VULNERABLE VERSIONS
The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor.
Broadcom BCM5820X
Dell ControlVault3 5.14.3.0
Dell ControlVault3 Driver and Firmware prior to 5.15.10.14
Dell ControlVault3 Plus Driver and Firmware prior to 6.2.26.36

PRODUCT URLS
ControlVault3 – https://dell.com/
BCM5820X – https://www.broadcom.com/products/embedded-and-networking-processors/secure/bcm5820x

CVSSv3 SCORE
8.7 – CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

CWE
CWE-787 – Out-of-bounds Write

DETAILS
Dell ControlVault is a hardware-based solution that can securely store passwords, biometric templates and security codes. It can interface with smart cards, Near-field Communication (NFC) devices and fingerprint readers. The hardware solution is based on the Broadcom BCM5820X chip series. On Windows, any low-privilege user can interface with the ControlVault3 hardware. In order to do so, a userland DLL, bcmbipdll.dll, can be used to talk with the device driver cvusbdrv.sys, which in…
