Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass
securityweekReVault vulnerabilities in the ControlVault3 firmware in Dell laptops could lead to firmware modifications or Windows login bypass.
Five vulnerabilities in the ControlVault3 firmware and the associated Windows APIs expose millions of Dell laptops to persistent implants and Windows login bypasses via physical access, Cisco Talos reports.
The issues, tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919, were initially disclosed on June 13, when Dell announced that patches for them were rolled out for over 100 Dell Pro, Latitude, and Precision models.
The affected component, ControlVault3 (and the ControlVault3+ iteration), is a hardware-based system meant to securely store passwords, biometric information, and security codes.
CVE-2025-24311 and CVE-2025-25050 are out-of-bounds issues that could be triggered via specially crafted ControlVault API calls to leak information or write outside the allocated memory, while CVE-2025-25215 leads to an arbitrary free via a crafted call and can be triggered via a forged session.
CVE-2025-24922 and ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE