CVE-2025-24922

Published Jun 13, 2025

Last updated 2 months ago

CVSS high 8.8
Firmware

Overview

Description
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
Source
talos-cna@cisco.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
6
Exploitability score
2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

talos-cna@cisco.com
CWE-121

Social media

Hype score
Not currently trending

  1. ⚠️Múltiples vulnerabilidades en Dell ControlVault3 ❗CVE-2025-25215 ❗CVE-2025-24922 ❗CVE-2025-25050 ➡️Más info: https://t.co/DZklMVtNSU https://t.co/X8FAEIlkfj

    @CERTpy

    13 Aug 2025

    79 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. https://t.co/BWwoqzWPtd CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919 Tengo un montón de usuarios de portátiles DELL con Linux

    @trblnyx

    7 Aug 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  3. Dell社ラップトップ100機種以上のセキュリティチップ、Dell ControlVaultに深刻な脆弱性。CVE-2025-24311、CVE-2025-25050、CVE-2025-25215、CVE-2025-24922、CVE-2025-24919の5件。パスワードや生体データの保存に使用されている部品

    @__kokumoto

    6 Aug 2025

    1477 Impressions

    8 Retweets

    18 Likes

    6 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2025-24922 Stack-Based Buffer Overflow in Dell ControlVault3 Leading to Arbitrary Code Execution https://t.co/9fltpDFWrr

    @VulmonFeeds

    13 Jun 2025

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-24922 A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prio… https://t.co/FRAikFLJ8W

    @CVEnew

    13 Jun 2025

    758 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2025-24922: HIGH] A critical stack-based buffer overflow vulnerability in Dell ControlVault3 software can allow attackers to execute arbitrary code via a specially crafted cv_object. Update to versions ...#cve,CVE-2025-24922,#cybersecurity https://t.co/WpOlDpfMY3 https://t.c

    @CveFindCom

    13 Jun 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Check Point Security Gateway Improper Authentication VulnerabilityCVE-2026-50751
  2. Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output VulnerabilityCVE-2026-20245
  3. Palo Alto Networks PAN-OS Authentication Bypass VulnerabilityCVE-2026-0257
  4. In the Linux kernel, the following vulnerability has been resolved: comedi: me_daq: Fix potential overrun of firmware buffer `me2600_xilinx_download()` loads the firmware that was requested by `request_firmware()`. It is possible for it to overrun the source buffer because it blindly trusts the file format. It reads a data stream length from the first 4 bytes into variable `file_length` and reads the data stream contents of length `file_length` from offset 16 onwards. Although it checks that the supplied firmware is at least 16 bytes long, it does not check that it is long enough to contain the data stream. Add a test to ensure that the supplied firmware is long enough to contain the header and the data stream. On failure, log an error and return `-EINVAL`.CVE-2026-31748
  5. Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.CVE-2024-54011

References

Sources include official advisories and independent security research.