PT-2025-25447 · Dell · Dell ControlVault3 +1

Philippe Laulheret · Published 2025-06-13 · Updated 2025-08-08 · CVE-2025-25050

CVSS v3.1: 8.8
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Dell ControlVault3 versions prior to 5.15.10.14

Dell ControlVault 3 Plus versions prior to 6.2.26.36

Description:

An out-of-bounds write vulnerability exists in the `cv upgrade sensor firmware` function of Dell ControlVault3 and Dell ControlVault 3 Plus. A specially crafted ControlVault API call can trigger this vulnerability, leading to an out-of-bounds write. An attacker can issue an API call to exploit this issue.

Recommendations:

Dell ControlVault3 versions prior to 5.15.10.14: Update to version 5.15.10.14 or later.

Dell ControlVault 3 Plus versions prior to 6.2.26.36: Update to version 6.2.26.36 or later.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-07432
CVE-2025-25050

Affected Products

Dell ControlVault 3 Plus
Dell ControlVault3