PT-2025-25447 · Dell · Dell Controlvault 3 Plus+1
Philippe Laulheret
·
Published
2025-06-13
·
Updated
2025-08-08
·
CVE-2025-25050
CVSS v3.1
8.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell ControlVault3 versions prior to 5.15.10.14
Dell ControlVault 3 Plus versions prior to 6.2.26.36
Description
An out-of-bounds write vulnerability exists in the
cv upgrade sensor firmware function of Dell ControlVault3 and Dell ControlVault 3 Plus. A specially crafted ControlVault API call can trigger this vulnerability, leading to an out-of-bounds write. An attacker can issue an API call to exploit this issue.Recommendations
Dell ControlVault3 versions prior to 5.15.10.14: Update to version 5.15.10.14 or later.
Dell ControlVault 3 Plus versions prior to 6.2.26.36: Update to version 6.2.26.36 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Controlvault 3 Plus
Dell Controlvault3