Severity by source
Primary rating from NVD (only source for this CVE).
CVSS vector (NVD): CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description (CVE.org)
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.
Analysis (AI)
Critical deserialization vulnerability in Dell ControlVault3 that lets an unauthenticated local attacker achieve arbitrary code execution by feeding a specially crafted response to the cvhDecapsulateCmd handler. It affects ControlVault3 before version 5.15.10.14 and ControlVault3 Plus before 6.2.26.36. An attacker who can compromise the ControlVault firmware, or otherwise control the responses it returns, can reach arbitrary code execution with system-level privileges; despite the attack-complexity requirement (AC:H in the vector), this is a high-impact vulnerability.
Technical Context (AI)
CVE-2025-24919 is an unsafe deserialization of untrusted input in the cvhDecapsulateCmd command handler within Dell's ControlVault3 security appliance. ControlVault3 is a hardware security module (HSM) and key management solution that processes cryptographic operations and credential management. The weakness is CWE-502 (Deserialization of Untrusted Data): serialized objects carried in ControlVault responses are deserialized by the host-side handler without proper validation, so the trust boundary runs the wrong way, with the host treating whatever the device returns as trustworthy. An attacker who compromises the ControlVault firmware, or can perform a man-in-the-middle attack on the communication channel, can craft a malicious serialized payload that executes arbitrary code during deserialization. This affects Dell ControlVault3 (CPE: cpe:2.3:a:dell:controlvault3:*) versions before 5.15.10.14 and ControlVault3 Plus (CPE: cpe:2.3:a:dell:controlvault3_plus:*) versions before 6.2.26.36. The vulnerability is particularly dangerous because ControlVault appliances typically operate in sensitive infrastructure roles managing encryption keys and authentication credentials.
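An added illustration of the defensive point above, not Dell's code and not the real ControlVault protocol: a host-side handler must treat a device response as untrusted input and validate every field against the bytes actually received before using it. The response layout (status byte, little-endian length, payload), the names and MAX_PAYLOAD are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical response layout, an assumption for this example and NOT the real
 * ControlVault wire format: [u8 status][u16 payload_len, little-endian][payload].
 * Every byte comes from the device, so a compromised firmware controls all of it. */
#define MAX_PAYLOAD 64

typedef struct {
    uint8_t  status;
    uint16_t payload_len;
    uint8_t  payload[MAX_PAYLOAD];
} decap_result_t;

/* Hardened host-side parser: each device-supplied field is checked against the
 * number of bytes actually received and against the fixed-size destination
 * before it is used as a length or copy size. Returns 0 on success, -1 on reject. */
int parse_decap_response(const uint8_t *resp, size_t resp_len, decap_result_t *out)
{
    if (resp == NULL || out == NULL || resp_len < 3)
        return -1;                                  /* header incomplete */
    uint16_t len = (uint16_t)(resp[1] | (resp[2] << 8));
    if (len > MAX_PAYLOAD || (size_t)len != resp_len - 3)
        return -1;                                  /* claimed length disagrees with reality */
    out->status = resp[0];
    out->payload_len = len;
    memcpy(out->payload, resp + 3, len);            /* bounded by the checks above */
    return 0;
}

/* Convenience wrapper: accepted payload length, or -1 if the response was rejected. */
int accepted_payload_len(const uint8_t *resp, size_t resp_len)
{
    decap_result_t r;
    return parse_decap_response(resp, resp_len, &r) == 0 ? (int)r.payload_len : -1;
}

/* Constructed sample responses: a well-formed one, and a malformed one whose
 * length field claims 65535 payload bytes while only two were received. A parser
 * that trusted the device's length here would read or copy past the buffer. */
static const uint8_t good_resp[] = {0x00, 0x04, 0x00, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t bad_resp[]  = {0x00, 0xff, 0xff, 0x41, 0x41};

int main(void)
{
    printf("well-formed response: %d\n", accepted_payload_len(good_resp, sizeof good_resp));
    printf("malformed response:   %d\n", accepted_payload_len(bad_resp, sizeof bad_resp));
    return 0;
}
```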
Remediation (AI)
Dell has released security updates to address this vulnerability. Immediate remediation steps:
(1) Upgrade Dell ControlVault3 installations to version 5.15.10.14 or later.
(2) Upgrade Dell ControlVault3 Plus installations to version 6.2.26.36 or later.
Access Dell's security advisory and patches through the Dell Support portal and official security advisories.
Organizations unable to patch immediately should:
- implement network segmentation to restrict access to ControlVault appliances from untrusted networks;
- monitor firmware integrity using Dell's hardware security mechanisms;
- disable cvhDecapsulateCmd functionality if it is not required for operational needs;
- implement host-based monitoring to detect unauthorized code execution attempts.
Firmware integrity verification should be performed after the update to confirm that the patch was applied intact.
Related identifier (EUVD): EUVD-2025-18307