CVE-2025-24922Stack-based Buffer Overflow in Dell Controlvault3

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 73.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Dell Controlvault3Dell Controlvault3 PlusBroadcom Bcm5820x
Timeline
PublishedJun 13

Description

A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

CVEListV5dell/controlvault3_plus< 6.2.26.36
CVEListV5dell/controlvault3< 5.15.10.14
CVEListV5broadcom/bcm5820xNA

🔴Vulnerability Details

2
CVEList
Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability2025-06-13
GHSA
GHSA-6hjr-3x4p-h5w8: A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 52025-06-13
CVE-2025-24922 — Stack-based Buffer Overflow in Dell | cvebase