CVE-2025-24311

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.4HIGH

EPSS

0.1%

top 74.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Controlvault3 Dell Controlvault3 Plus Broadcom Bcm5820x

Timeline

PublishedJun 13

Description

An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:HExploitability: 2.0 | Impact: 5.8

Affected Packages3 packages

▶CVEListV5dell/controlvault3_plus< 6.2.26.36

▶CVEListV5dell/controlvault3< 5.15.10.14

▶CVEListV5broadcom/bcm5820xNA

🔴Vulnerability Details

CVEList

Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability↗2025-06-13

▶

GHSA

GHSA-5v6x-pfc7-q9g6: An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5↗2025-06-13

▶