4 matches found
CVE-2025-24919
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can...
CVE-2025-25215
CVE-2025-25215 affects Dell ControlVault3 and ControlVault3 Plus; an arbitrary-free vulnerability resides in the cv_close path due to insufficient session validation. Talos’ analysis shows an attacker can forge a fake session on the CV firmware (for sessions allocated on the device heap) and trig...
CVE-2025-24311 Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability
An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...
CVE-2025-24311
Affected software: Dell ControlVault3 and ControlVault3 Plus firmware and related Windows driver interactions (cvusbdrv.sys) with the CA/firmware stack. Vulnerability: An out-of-bounds read in cv_send_blockdata can be triggered by a crafted ControlVault API call, leading to information disclosure...