How to fix EUVD-2025-18306?

Within 24 hours: Inventory all Dell ControlVault3 and ControlVault3 Plus deployments and document current versions (prioritize pre-5.15.10.14 and pre-6.2.26.36 installations). Within 7 days: Implement network segmentation to restrict ControlVault API access to trusted administrative networks only and disable unnecessary remote access if operationally feasible. Within 30 days: Monitor Dell security advisories daily for patch release; establish pre-approved testing and deployment procedures to apply patches within 48 hours of availability.

Is Memory Corruption affected by EUVD-2025-18306?

Dell ControlVault3 and ControlVault3 Plus installations are vulnerable to arbitrary memory deallocation attacks that could lead to system crashes or potential code execution.

EUVD-2025-18306

| CVE-2025-25215 HIGH

2025-06-13 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:34 euvd

EUVD-2025-18306

Analysis Generated

Mar 14, 2026 - 21:34 vuln.today

CVE Published

Jun 13, 2025 - 22:15 nvd

HIGH 8.8

Description

An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.

Analysis

A security vulnerability in the cv_close functionality of Dell ControlVault3 (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Technical Context

Vulnerability type not specified by vendor. CVSS 8.8 indicates high severity. Affects the cv_close functionality of Dell ControlVault3.

Affected Products

['the cv_close functionality of Dell ControlVault3']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

EUVD-2025-18306 vulnerability details – vuln.today

Back

EUVD-2025-18306

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-18306

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code