A critical vulnerabilities affecting over 100 Dell laptop models that could allow attackers to completely compromise systems and steal sensitive data, including passwords and biometric information.
The vulnerabilities, collectively dubbed “ReVault” by Cisco Talos researchers, pose a significant threat to millions of business-critical devices worldwide.
Cisco Talos discovered five separate vulnerabilities in Dell’s ControlVault3 and ControlVault3+ firmware, which utilize Broadcom’s BCM5820X security chips.
These hardware-based security components are designed to store passwords, biometric templates, and security codes within firmware, serving as a “secure bank” for sensitive credentials on Dell business laptops.
The vulnerabilities include two out-of-bounds vulnerabilities(CVE-2025-24311 and CVE-2025-25050), an arbitrary memory corruption bug (CVE-2025-25215), a stack overflow vulnerability (CVE-2025-24922), and an unsafe deserialization vulnerability in the Windows APIs (CVE-2025-24919).
All vulnerabilities carry CVSS scores above 8.0, classifying them as “high severity” threats.
The affected systems span Dell’s business-focused Latitude and Precision series, which are widely deployed in cybersecurity companies, government agencies, and enterprise environments requiring enhanced security features.
These devices are particularly attractive targets because they’re used in sensitive industries that rely on smartcard or NFC authentication.
Broadcom Chip Vulnerabilities
Post-Compromise Persistence: Attackers who gain non-administrative access to a vulnerable laptop can exploit the firmware vulnerabilities to achieve permanent persistence.
By leveraging the Windows APIs to trigger code execution within the ControlVault firmware, malicious actors can steal cryptographic keys and permanently modify the firmware.
This creates an invisible backdoor that survives Windows reinstallations, making it extremely difficult to detect or remove.
Physical Access Attacks: The vulnerabilities also enable sophisticated physical attacks where an attacker with access to a laptop can open the device and connect directly to the Unified Security Hub (USH) board via USB.
This attack vector bypasses the need for login credentials or full-disk encryption passwords, allowing complete system compromise through hardware manipulation.
Perhaps most concerningly, attackers can modify the fingerprint authentication system to accept any input – including non-human objects.
Cisco Talos researchers demonstrated this capability by unlocking a vulnerable laptop using a spring onion as the “fingerprint”.
Widespread Enterprise Impact
Dell has released firmware updates addressing these vulnerabilities, with patches available since March 2025 through Dell’s support website and Windows Update.
The company classified the updates as “Critical” in security advisory DSA-2025-053, which lists all affected models and their corresponding firmware versions.
Organizations must prioritize immediate patching, particularly those in government, healthcare, and financial sectors where Dell business laptops are prevalent.
Until updates can be deployed, security teams should consider disabling ControlVault services if fingerprint readers, smart card readers, and NFC functionality are not essential.
Enhanced monitoring for unusual Windows Biometric Service crashes and implementing chassis intrusion detection where available can help identify potential exploitation attempts.
The ReVault vulnerabilities highlight the critical importance of securing all hardware components within enterprise devices, not just operating system software.
With millions of Dell business laptops potentially affected worldwide, organizations must act swiftly to protect against these sophisticated firmware-level attacks that could compromise entire networks through trusted corporate devices.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
