How Flaws in Dell Firmware Could Help Compromises Persist

Philippe Laulheret of Cisco Talos on Vulnerabilities in ControlVault Firmware Aseem Jakhar • August 13, 2025

Security flaws in Dell's ControlVault firmware allowed attackers to run code on the chip, extract stored secrets and alter its behavior. By chaining these exploits, hackers could send malicious data to Windows components, achieve system-level access and bypass fingerprint authentication, said Philippe Laulheret, senior vulnerability researcher at Cisco Talos.

See Also: What Manufacturing Leaders Are Learning About Cloud Security - from Google’s Frontline

Laulheret said the firmware lacked modern protections such as address space layout randomization, or ASLR, and stack cookies, making exploitation easier. Legacy and unused code widened the attack surface.

"These chips … their job is to improve your security posture, but they can also bring a new attack surface that you may have to mitigate against," Laulheret said. "What they [enterprises] can do is try to understand the secret exposure of the ...