CVE-2025-24922

Published Jun 13, 2025

Last updated 2 months ago

Overview

Description
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
Source
talos-cna@cisco.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
6
Exploitability score
2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

talos-cna@cisco.com
CWE-121

Social media

Hype score
Not currently trending
  1. ⚠️Multiple vulnerabilities in Dell ControlVault3 ❗CVE-2025-25215 ❗CVE-2025-24922 ❗CVE-2025-25050 ➡️More info: https://t.co/DZklMVtNSU https://t.co/X8FAEIlkfj

    @CERTpy

    13 Aug 2025


  2. https://t.co/BWwoqzWPtd CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919 I have a lot of users with DELL laptops running Linux

    @trblnyx

    7 Aug 2025


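  3. Serious vulnerabilities in Dell ControlVault, the security chip in more than 100 Dell laptop models. Five in total: CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922 and CVE-2025-24919. The component is used to store passwords and biometric data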

    @__kokumoto

    6 Aug 2025


  4. CVE-2025-24922 Stack-Based Buffer Overflow in Dell ControlVault3 Leading to Arbitrary Code Execution https://t.co/9fltpDFWrr

    @VulmonFeeds

    13 Jun 2025


  5. CVE-2025-24922 A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prio… https://t.co/FRAikFLJ8W

    @CVEnew

    13 Jun 2025


  6. [CVE-2025-24922: HIGH] A critical stack-based buffer overflow vulnerability in Dell ControlVault3 software can allow attackers to execute arbitrary code via a specially crafted cv_object. Update to versions ...#cve,CVE-2025-24922,#cybersecurity https://t.co/WpOlDpfMY3 https://t.c

    @CveFindCom

    13 Jun 2025
