CVE-2025-36461 Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability

🗓️ 17 Nov 2025 22:50:19Reported by talosType

Dell ControlVault3 WBDI driver allows out-of-bounds read/write via WinBioControlUnit WBIO_USH_GET_TEMPLATE; affects versions before 5.15.14.19 and 6.2.36.47.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-36461	17 Nov 202514:30	–	circl
CNNVD	Dell ControlVault3和Dell ControlVault3 Plus 安全漏洞	17 Nov 202500:00	–	cnnvd
CVE	CVE-2025-36461	17 Nov 202522:50	–	cve
EUVD	EUVD-2025-197891	17 Nov 202522:50	–	euvd
NVD	CVE-2025-36461	17 Nov 202523:15	–	nvd
Positive Technologies	PT-2025-47227	17 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-36461	19 Nov 202500:10	–	redhatcve
Talos	Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability	17 Nov 202500:00	–	talos
Vulnrichment	CVE-2025-36461 Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability	17 Nov 202522:50	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "BCM5820X",
    "vendor": "Broadcom",
    "versions": [
      {
        "status": "affected",
        "version": "NA"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ControlVault3",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.15.14.19",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "ControlVault3 Plus",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "6.2.36.47",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
dell	www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2025-2175

18 Nov 2025 02:47Current

CVSS 3.17.3

EPSS0.00115

CWE-805