ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop computer fashions can permit attackers to bypass Home windows login and set up malware that persists throughout system reinstalls.
Dell ControlVault is a hardware-based security resolution that shops passwords, biometric information, and security codes inside firmware on a devoted daughterboard, generally known as the Unified Safety Hub (USH).
The 5 vulnerabilities, reported by Cisco’s Talos security division and dubbed “ReVault,” have an effect on each the ControlVault3 firmware and its Home windows software programming interfaces (APIs) throughout Dell’s business-focused Latitude and Precision laptop computer collection.
These gadgets are in style in cybersecurity, authorities, and industrial environments, the place smartcards, fingerprints, and NFC are additionally generally used for authentication.
The entire record of ReVault vulnerabilities consists of out-of-bounds flaws (CVE-2025-24311, CVE-2025-25050), an arbitrary free vulnerability (CVE-2025-25215), a stack overflow (CVE-2025-24922, and an unsafe deserialization problem (CVE-2025-24919) affecting ControlVault’s Home windows APIs.
Dell has launched security updates to handle the ReVault flaws within the ControlVault3 driver and firmware between March and Might. The total record of impacted fashions is accessible in Dell’s security advisory.
Home windows login bypass and privilege escalation
Chaining these vulnerabilities can permit attackers to realize arbitrary code execution on the firmware, probably creating persistent implants that survive Home windows reinstalls.
They will additionally leverage bodily entry to bypass Home windows login or escalate native person privileges to the administrator degree.
“An area attacker with bodily entry to a person’s laptop computer can pry it open and immediately entry the USH board over USB with a customized connector,” Cisco Talos mentioned.
“From there, all of the vulnerabilities described beforehand change into in-scope for the attacker with out requiring the flexibility to log-in into the system or figuring out a full-disk encryption password.”
Profitable exploitation may allow attackers to govern fingerprint authentication, forcing the focused system to just accept any fingerprint fairly than solely these of legit customers.
Talos recommends retaining programs up to date by Home windows Replace or Dell’s web site, disabling unused security peripherals like fingerprint readers, sensible card readers, and NFC readers, and disabling fingerprint login in high-risk conditions.
To mitigate a few of the bodily assaults, the researchers additionally instructed enabling chassis intrusion detection in laptop BIOS settings to flag bodily tampering makes an attempt and Enhanced Signal-in Safety (ESS) in Home windows to detect inappropriate CV firmware.
Malware concentrating on password shops surged 3X as attackers executed stealthy Good Heist situations, infiltrating and exploiting vital programs.
Uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and defend towards them.
