Skip to main content

Dell CVE-2025-24922

| EUVDEUVD-2025-18303 HIGH
Stack-based Buffer Overflow (CWE-121)
2025-06-13 talos-cna@cisco.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:38 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
5.15.10.14,6.2.26.36
EUVD ID Assigned
Mar 14, 2026 - 21:34 euvd
EUVD-2025-18303
Analysis Generated
Mar 14, 2026 - 21:34 vuln.today
CVE Published
Jun 13, 2025 - 21:15 nvd
HIGH 8.8

DescriptionCVE.org

A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.

AnalysisAI

Stack-based buffer overflow vulnerability in Dell ControlVault3's securebio_identify functionality that allows local attackers with low privileges to execute arbitrary code with high impact across the system. The vulnerability affects ControlVault3 versions prior to 5.15.10.14 and ControlVault3 Plus versions prior to 6.2.26.36, and can be triggered via a specially crafted API call with a malicious cv_object parameter.

Technical ContextAI

This vulnerability exists in the securebio_identify API function of Dell ControlVault3, a credential and identity management solution. The root cause is a classic stack-based buffer overflow (CWE-121: Stack-based Buffer Overflow), where insufficient input validation on the cv_object parameter allows an attacker to write beyond allocated stack memory boundaries. ControlVault3 is a security application that manages biometric and credential data; the securebio_identify function likely processes biometric identification requests. The affected CPE strings are: cpe:2.3:a:dell:controlvault3:*:*:*:*:*:*:*:* (versions <5.15.10.14) and cpe:2.3:a:dell:controlvault3_plus:*:*:*:*:*:*:*:* (versions <6.2.26.36). Stack-based overflows are particularly dangerous because they can overwrite return addresses and local variables, enabling direct code execution control.

RemediationAI

  • action: Immediate Patching; details: Update Dell ControlVault3 to version 5.15.10.14 or later. Update Dell ControlVault3 Plus to version 6.2.26.36 or later. Patches should be deployed through Dell's security advisory channels.
  • action: Access Control; details: Implement strict local access controls to ControlVault3-enabled systems. Restrict user account privileges to minimum necessary levels. Disable or restrict API access to the securebio_identify function for untrusted local users.
  • action: Input Validation; details: Until patches are applied, implement endpoint detection and response (EDR) solutions configured to detect stack buffer overflow exploitation patterns and suspicious securebio_identify API calls with oversized cv_object parameters.
  • action: Monitoring; details: Monitor system logs for abnormal calls to securebio_identify API endpoints, unexpected privilege escalations on ControlVault3 systems, and segmentation fault/crash events in ControlVault3 processes.
  • action: Vendor Advisory; details: Consult Dell's official security advisory for CVE-2025-24922 for detailed patch availability, compatibility notes, and rollback procedures. Check dell.com/support for the latest security bulletins.

More in Dell

View all
CVE-2012-2962 MEDIUM POC
6.5 Jul 30

SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2

CVE-2014-8420 CRITICAL POC
9.0 Nov 25

The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before

CVE-2012-3951 HIGH POC
7.5 Jul 31

The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default passwor

CVE-2014-4977 MEDIUM POC
6.5 Jul 16

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute

CVE-2026-22769 CRITICAL
10.0 Feb 17

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) t

CVE-2014-125113 CRITICAL POC
9.3 Aug 05

An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance vers

CVE-2012-2626 MEDIUM POC
5.0 Jul 31

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not requir

CVE-2014-8272 MEDIUM POC
5.0 Dec 19

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57

CVE-2017-10955 HIGH
8.8 Oct 19

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection

CVE-2012-2627 CRITICAL POC
9.4 Jul 31

d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote at

CVE-2021-21551 HIGH POC
7.8 May 04

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privile

CVE-2025-36604 HIGH POC
7.3 Aug 04

Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('

Share

CVE-2025-24922 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy