A set of vulnerabilities affecting millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide. The vulnerability known as “ReVault,” mainly target the Broadcom BCM5820X security chip embedded in Dell’s ControlVault3 firmware.

This subsequently create opportunities for attackers to steal passwords, biometric data, and maintain persistent access to compromised systems.

How does the vulnerability work

Most of the flaws reside in the firmware for ControlVault3 and ControlVault3+, which are hardware security components that store passwords, biometric templates, and security codes.

The lists includes:

• Two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050)
• An arbitrary free (CVE-2025-25215) flaw
• A stack-overflow bug (CVE-2025-24922)
• An unsafe-deserialization flaw (CVE-2025-24919)

According to the researchers, the vulnerabilities can be exploited in so-called ReVault attacks by:

• Attackers who have achieved non-administrative access/privileges on a vulnerable target laptop. The vulnerabilities may allow them to interact with the ControlVault firmware and leak key material that would allow them to permanently modify the firmware (i.e., effectively creating a potential backdoor into the system)
• Attackers that have physical access to the laptop. They could pry the device open, use a custom connector to access the Unified Security Hub board (which runs ControlVault) over USB, and exploit those vulnerabilities – all without having to log into the system beforehand or having knowledge of the full-disk encryption password.

“Another interesting consequence of this scenario is that if a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the CV firmware to accept any fingerprint,” as per researchers.

Technical details have not been publicly shared, but they have, of course, been privately reported to Dell and Broadcom.

These are 5 critical vulnerabilities of ReVault found by Cisco Talos researcher

ReVault Attack – Five Critical Vulnerabilities

ControlVault3 and ControlVault3+ systems:

• CVE-2025-24311: An out-of-bounds read vulnerability that enables information leakage
• CVE-2025-25050: An out-of-bounds write flaw allowing code execution
• CVE-2025-25215: An arbitrary memory free vulnerability
• CVE-2025-24922: A stack-based buffer overflow enabling arbitrary code execution
• CVE-2025-24919: An unsafe deserialization flaw in ControlVault’s Windows APIs

Importance of device security posture/Endpoint security

The incident highlight how device posture check is designed to evaluate threat that a device poses to an organization and its systems.

The persistent nature of these attacks represents a significant escalation in firmware-based threats, as the malicious code resides below the operating system level.

Here traditional antivirus solutions cannot detect or remove it. Now sophistication of cyber threats means that organizations need to become more proactive in terms of defense.

The identification and mitigation of a threat early on, via an effective and clearly defined security posture, reduces costs, lessens downtime, and minimizes reputational damage.

Periodic security audits are essential to have a complete check on all the security features of the organization. Such audits identify vulnerabilities in the current security controls and allow for ensuring things align properly with industry standards. 

Importance of Endpoint security

End point security detect and prevent security threats like file-based malware attacks among other malicious activities. It also provides investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.

Conclusion:

Protecting against endpoint attacks is challenging for organisation because endpoints exist where humans and machines intersect. With the increasing number of adversaries trying to breach organizations using sophisticated cyberattacks, quickly detecting potential threats will help speed the remediation process and keep data protected.

(Source: https://www.helpnetsecurity.com/2025/08/05/dell-laptops-firmware-vulnerabilities-revault-attacks/)