CVE-2025-24311

Published Jun 13, 2025

Last updated 2 months ago

CVSS high 8.4
Firmware

Overview

Description
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.
Source
talos-cna@cisco.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.4
Impact score
5.8
Exploitability score
2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
Severity
HIGH

Weaknesses

talos-cna@cisco.com
CWE-125

Social media

Hype score
Not currently trending

  1. https://t.co/BWwoqzWPtd CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919 Tengo un montón de usuarios de portátiles DELL con Linux

    @trblnyx

    7 Aug 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  2. 🔨Googleが8月の月例パッチをリリース、悪用が確認されたQualcommの脆弱性2件などを修正(CVE-2025-21479、CVE-2025-27038他) 💻Broadcomチップ搭載のDell製PC100機種以上に複数の重大な欠陥、早急なパッチ適用を呼びか

    @MachinaRecord

    6 Aug 2025

    158 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Dell社ラップトップ100機種以上のセキュリティチップ、Dell ControlVaultに深刻な脆弱性。CVE-2025-24311、CVE-2025-25050、CVE-2025-25215、CVE-2025-24922、CVE-2025-24919の5件。パスワードや生体データの保存に使用されている部品

    @__kokumoto

    6 Aug 2025

    1477 Impressions

    8 Retweets

    18 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2025-24311 Out-of-Bounds Read Information Leak in Dell ControlVault3 API Before 5.15.10.14 https://t.co/hv9of8P1jF

    @VulmonFeeds

    13 Jun 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-24311 An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.… https://t.co/5QSZTp5zK5

    @CVEnew

    13 Jun 2025

    635 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Check Point Security Gateway Improper Authentication VulnerabilityCVE-2026-50751
  2. Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output VulnerabilityCVE-2026-20245
  3. Palo Alto Networks PAN-OS Authentication Bypass VulnerabilityCVE-2026-0257
  4. In the Linux kernel, the following vulnerability has been resolved: comedi: me_daq: Fix potential overrun of firmware buffer `me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream. Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.CVE-2026-31748
  5. Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.CVE-2024-54011

References

Sources include official advisories and independent security research.