SB2025111847 - Multiple vulnerabilities in Dell ControlVault3 and ControlVault3 Plus
Published: November 18, 2025
Description
This security bulletin contains information about 8 security vulnerabilities.
1) Use of hard-coded credentials (CVE-ID: CVE-2025-31649)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the presence of hard-coded credentials in the application code of the ControlVault WBDI Driver functionality. A local user can issue a specially crafted ControlVault API call and execute a privileged operation.
2) Buffer overflow (CVE-ID: CVE-2025-32089)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CvManager_SBI functionality. A local user can use a specially crafted ControlVault API call, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Use of uninitialized resource (CVE-ID: CVE-2025-31361)
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to the use of an uninitialized resource in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality. A local user can issue a specially crafted WinBioControlUnit call and gain elevated privileges on the target system.
4) Out-of-bounds write (CVE-ID: CVE-2025-36460)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the ControlVault WBDI Driver Broadcom Storage Adapter functionality within WBIO_USH_GET_IDENTITY. A local user can use a specially crafted WinBioControlUnit call, trigger an out-of-bounds write and execute arbitrary code on the target system.
5) Out-of-bounds read (CVE-ID: CVE-2025-36463)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the ControlVault WBDI Driver Broadcom Storage Adapter functionality within WBIO_USH_ADD_RECORD. A local user can use a specially crafted WinBioControlUnit call, trigger an out-of-bounds read error and cause a denial of service condition on the system.
6) Out-of-bounds write (CVE-ID: CVE-2025-36462)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the ControlVault WBDI Driver Broadcom Storage Adapter functionality within WBIO_USH_CREATE_CHALLENGE. A local user can use a specially crafted WinBioControlUnit call, trigger an out-of-bounds write and execute arbitrary code on the target system.
7) Out-of-bounds write (CVE-ID: CVE-2025-36461)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the ControlVault WBDI Driver Broadcom Storage Adapter functionality within WBIO_USH_GET_TEMPLATE. A local user can use a specially crafted WinBioControlUnit call, trigger an out-of-bounds write and execute arbitrary code on the target system.
8) Buffer overflow (CVE-ID: CVE-2025-36553)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the CvManager functionality. A local user can trigger memory corruption and execute arbitrary code on the target system.
Remediation
Install the update from the vendor's website.
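The following PowerShell script is an added example for verifying remediation on a fleet; it is not part of this bulletin, of Dell's advisory, or of the Talos reports. It assumes that the affected driver is enumerated by Windows with a device name containing "ControlVault" (a wildcard match, not a confirmed identifier) and that the administrator supplies the minimum fixed driver version from Dell's own advisory, since this bulletin does not list version numbers. It also reports the state of the Windows Biometric Service (WbioSrvc), which is the service through which WinBioControlUnit calls reach the WBDI driver.

```powershell
# Added example (not from the Dell bulletin or the Talos reports).
# Assumptions: the ControlVault driver's DeviceName contains "ControlVault"
# (wildcard match), and $MinimumVersion is the fixed driver version taken
# from Dell's advisory for SB2025111847. Run in an elevated PowerShell session.
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumVersion
)

# Enumerate signed PnP drivers and keep those that look like ControlVault.
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -like '*ControlVault*' }

if (-not $drivers) {
    Write-Output 'No ControlVault driver found; this host may not carry the affected hardware.'
    exit 0
}

$outdated = @()
foreach ($d in $drivers) {
    # DriverVersion is a string such as "5.15.10.14"; parse it so the comparison
    # is numeric per component rather than lexical.
    try {
        $installed = [version]$d.DriverVersion
    } catch {
        $installed = $null
    }

    $status = if ($null -eq $installed) {
        'UNKNOWN'
    } elseif ($installed -lt $MinimumVersion) {
        'OUTDATED'
    } else {
        'OK'
    }
    if ($status -ne 'OK') { $outdated += $d }

    [pscustomobject]@{
        Device        = $d.DeviceName
        DriverVersion = $d.DriverVersion
        DriverDate    = $d.DriverDate
        InfName       = $d.InfName
        Status        = $status
    }
}

# The Windows Biometric Service is the path from WinBioControlUnit to the WBDI driver;
# report it so the operator can see whether the attack surface is reachable at all.
Get-Service -Name WbioSrvc -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# Non-zero exit lets a fleet tool flag hosts that still need the vendor update.
if ($outdated.Count -gt 0) { exit 1 }
exit 0
```

Usage: `.\Check-ControlVault.ps1 -MinimumVersion <fixed version from Dell's advisory>`. A host exits 1 when any matching driver is older than the supplied version or its version string cannot be parsed, so the script can be run from a fleet management tool and the exit code collected per machine.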
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2173
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2188
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2174
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2175
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2189