CVE-2025-24311
Dell ControlVault3/Dell ControlVault3 Plus Out-of-Bounds Read Information Leak
Description
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.
INFO
Published Date :
June 13, 2025, 9:15 p.m.
Last Modified :
June 16, 2025, 12:32 p.m.
Remotely Exploit :
No
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-24311
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Update Dell ControlVault3 to 5.15.10.14.
- Update Dell ControlVault3 Plus to 6.2.26.36.
Public PoC/Exploit Available at Github
CVE-2025-24311 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-24311.
| URL | Resource |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-24311 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-24311
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
SecDB - Security Feeds
cve security-feeds vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-24311 vulnerability anywhere in the article.
-
The Hacker News
Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models
Aug 09, 2025Ravie LakshmananVulnerability / Hardware Security Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that c ... Read more
-
The Hacker News
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secure vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open ... Read more
-
BleepingComputer
ReVault flaws let hackers bypass Windows login on Dell laptops
ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. Dell ControlVault i ... Read more
-
CybersecurityNews
Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks
A wide range of vulnerabilities affects millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide. The vulnerabilities, collectively dubbed “ReVault, ... Read more
-
The Register
Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
black hat Critical security flaws in Broadcom chips used in more than 100 models of Dell computers could allow attackers to take over tens of millions of users' devices, steal passwords, and access se ... Read more
-
Help Net Security
Millions of Dell laptops could be persistently backdoored in ReVault attacks
A set of firmware vulnerabilities affecting 100+ Dell laptop models widely used in government settings and by the cybersecurity industry could allow attackers to achieve persistent access even across ... Read more
-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Over 100 Dell Laptop Models Plagued by Vulnerabilities Impacting Millions
Cybersecurity giant Cisco has found serious security vulnerabilities in more than 100 Dell laptop models, putting tens of millions of devices at risk worldwide. This was revealed in a report shared by ... Read more
The following table lists the changes that have been made to the
CVE-2025-24311 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Jun. 13, 2025
Action Type Old Value New Value Added Description An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability. Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H Added CWE CWE-125 Added Reference https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053