CVE-2025-36460

Name of the Vulnerable Software and Affected Versions Dell ControlVault3 versions prior to 5.15.14.19 Dell ControlVault3 Plus versions prior to 6.2.36.47

Description The software contains out-of-bounds read and write issues within the ControlVault WBDI Driver Broadcom Storage Adapter functionality. A crafted WinBioControlUnit call can cause memory corruption. The issue is triggered when a WinBioControlUnit call is submitted to the StorageAdapter with the ControlCode 2 (WBIO USH GET IDENTITY) and a ReceiveBuferSize between 4 and 79 bytes. This can result in an out-of-bound write of up to 75 bytes. The data written may be null bytes or attacker-controlled data if another issue is leveraged to place attacker-controlled data within the database. The vulnerability is triggered via an API call.

Recommendations Update Dell ControlVault3 to version 5.15.14.19 or later. Update Dell ControlVault3 Plus to version 6.2.36.47 or later.