A high-severity vulnerability has been identified in the Dell ControlVault3 driver, affecting multiple Dell products. This flaw, tracked as CVE-2025-36461, involves memory corruption issues that could allow a local attacker to read sensitive information or execute malicious code with elevated system privileges, leading to a complete compromise of the affected workstation or laptop.

The vulnerability consists of multiple out-of-bounds read and write flaws within the ControlVault WBDI Driver, specifically in the Broadcom Storage Adapter functionality. An authenticated local attacker can send specially crafted requests to the driver. Due to insufficient input validation, these requests can cause the driver to read from or write to memory locations outside of the intended buffer, leading to memory corruption. A successful exploit could result in the disclosure of sensitive kernel-level information (out-of-bounds read) or arbitrary code execution with SYSTEM privileges (out-of-bounds write), effectively granting the attacker full control over the local machine.

This vulnerability is rated as High severity with a CVSS score of 7.3. Successful exploitation poses a significant risk to the confidentiality, integrity, and availability of affected systems. An attacker with low-level user access could escalate their privileges to the highest level (SYSTEM/Administrator), allowing them to bypass all security controls, install persistent malware or ransomware, exfiltrate sensitive corporate data, and use the compromised machine as a pivot point to attack other systems on the network. This could lead to data breaches, operational disruption, and reputational damage.

Immediate Action: Identify all Dell systems with Dell ControlVault3 installed and apply the vendor-provided security update to upgrade the software to version 5 or later immediately. Prioritize patching for systems used by privileged users and those handling sensitive data. Following the update, monitor for any signs of exploitation attempts by reviewing system and application event logs for crashes or unexpected behavior related to the ControlVault driver.

Proactive Monitoring: Enhance endpoint monitoring to detect potential exploitation. Configure Endpoint Detection and Response (EDR) solutions to alert on suspicious processes interacting with the ControlVault WBDI driver (cvh.sys or similar). Monitor system logs for unexpected driver failures or memory access errors. Watch for unauthorized account privilege escalations or the creation of new local administrator accounts.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Enforce the principle of least privilege to ensure users do not have administrative rights on their local machines, limiting the initial attack surface. Utilize application whitelisting to prevent the execution of unauthorized tools that could be used to trigger the exploit.

Public Exploit Available: false

Given the high severity (CVSS 7.3) and the potential for a complete system compromise via local privilege escalation, this vulnerability requires immediate attention. Organizations are strongly advised to prioritize the deployment of the vendor-supplied patches across all affected Dell endpoints. The risk of a low-privilege user or malware gaining full system control is significant. While there is no current evidence of active exploitation, the vulnerability's nature makes it a prime target for future development, and proactive remediation is the most effective defense.