What is the CVSS score of CVE-2025-25215?

CVE-2025-25215 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Dell are affected by CVE-2025-25215?

Dell ControlVault3 contains a high-severity vulnerability (CVSS 8.8) in the cv_close functionality that could allow unauthorized access or system compromise.. A patch is available.

How to fix or mitigate CVE-2025-25215?

Within 24 hours: Inventory all systems running Dell ControlVault3 and document current versions. Within 7 days: Obtain and validate the vendor-released patch from Dell's security advisory for ControlVault3 and test in a non-production environment. Within 30 days: Deploy the patched version across all affected ControlVault3 instances in production, prioritizing systems managing sensitive cryptographic material.

Dell CVE-2025-25215

EUVD-2025-18306 HIGH

Release of Invalid Pointer or Reference (CWE-763)

2025-06-13 talos-cna@cisco.com

Use After Free Memory Corruption Dell

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:38 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

6.2.26.36,5.15.10.14

EUVD ID Assigned

Mar 14, 2026 - 21:34 euvd

EUVD-2025-18306

Analysis Generated

Mar 14, 2026 - 21:34 vuln.today

CVE Published

Jun 13, 2025 - 22:15 nvd

HIGH 8.8

DescriptionNVD

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.

AnalysisAI

A security vulnerability in the cv_close functionality of Dell ControlVault3 (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 8.8 indicates high severity. Affects the cv_close functionality of Dell ControlVault3.

RemediationAI

Monitor vendor channels for patch availability.

More from same product – last 7 days

CVE-2025-26483 MEDIUM This Month

6.1 May 22

Open redirect vulnerability in Dell PowerFlex Manager 4.6.2 and prior enables unauthenticated remote attackers to craft

CVE-2025-32751 MEDIUM This Month

5.5 May 22

Dell PowerFlex Manager versions 4.6.2 and earlier improperly store sensitive information in a manner accessible to low-p

CVE-2025-32747 MEDIUM This Month

5.3 May 22

Incorrect Privilege Assignment in Dell PowerFlex Manager version 4.6.2 and earlier (both Appliance and Rack form factors

CVE-2025-32749 MEDIUM This Month

5.3 May 22

Directory listing exposure in Dell PowerFlex Manager versions 4.6.2 and earlier allows an attacker to enumerate director

CVE-2025-32745 MEDIUM This Month

4.2 May 22

Improper certificate validation in Dell PowerFlex Manager version 4.6.2 and earlier allows an unauthenticated attacker o

CVE-2025-25215 vulnerability details – vuln.today

Back

Dell CVE-2025-25215

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code