- Description
- An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.
- Source
- talos-cna@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 6
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- talos-cna@cisco.com
- CWE-763
- Hype score
- Not currently trending
🛡️ Critical flaws found in Dell ControlVault3 firmware: CVE-2025-25215, 25050, 24919 💣 Risks include code execution, privilege escalation & memory corruption. 📌 Patch now. Read more: https://t.co/SmqSY6bhGB #infosec #vulnalert #dellsecurity https://t.co/qeMwmmrJ5L
@threatsbank
14 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25215 An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A spec… https://t.co/3AfXEuD0NE
@CVEnew
13 Jun 2025
794 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes