CVE-2025-36463

Dell · Dell Multiple Products

A high-severity vulnerability has been identified in the Dell ControlVault3 driver software, affecting multiple Dell products.

Executive summary

CVE-2025-36463 is rated High (CVSS 7.3). A local attacker with low-privileged access to an affected system could cause the ControlVault3 driver to read from or write to memory outside its intended buffers, leading to a system crash, disclosure of kernel memory contents, or, in the worst case, arbitrary code execution in the kernel and full compromise of the host. Organizations are urged to apply the vendor-provided security updates to all affected endpoints.

Vulnerability

The vulnerability consists of multiple out-of-bounds read and write flaws in the ControlVault WBDI driver, specifically in its Broadcom Storage Adapter functionality. An attacker with local access can submit specially crafted requests to the driver (a kernel driver typically receives such input through its device interface, for example via I/O control requests) whose contents cause the driver to access memory beyond the bounds of the buffer it intended to use. Because the driver runs in kernel mode, an out-of-bounds read can leak kernel memory, including sensitive data, back to the attacker, while an out-of-bounds write corrupts kernel memory and can be leveraged either to crash the system (denial of service) or to execute arbitrary code with kernel-level privileges.

Business impact

This vulnerability is rated High severity with a CVSS score of 7.3. Successful exploitation could fully compromise the confidentiality, integrity, and availability of the affected system: an attacker who already has a low-privileged foothold could escalate to kernel-level control, then install malware, disable security tooling, exfiltrate sensitive data, or disrupt operations by destabilizing the host. For an organization this translates into a direct risk of data breaches, operational downtime, and potential non-compliance with data protection regulations, with corresponding financial and reputational impact.

Remediation

Immediate Action: Apply the security updates provided by Dell to upgrade the Dell ControlVault3 software on all affected endpoints to the fixed release (version 5 or later per this advisory; confirm the exact fixed build number against Dell's security advisory for each affected model, since ControlVault3 driver and firmware packages are model-specific). Prioritize patching for systems used by privileged users and for those that handle sensitive corporate data.

Proactive Monitoring: Implement enhanced monitoring on endpoints for signs of exploitation attempts. Failed or partial exploitation of a kernel memory-corruption bug most often surfaces as an unexpected reboot or crash (Blue Screen of Death), so watch for the corresponding Windows System log events (for example Kernel-Power event ID 41, BugCheck event ID 1001, and EventLog event ID 6008 for an unexpected shutdown), review the System log for errors referencing the bcmwbfld.sys driver or related ControlVault components, and use an Endpoint Detection and Response (EDR) solution to detect anomalous process behavior or unusual interaction with the driver's device interface.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce risk. Enforce the principle of least privilege to limit which accounts can log on to affected hosts and what a successful exploit could then reach; bear in mind that exploitation requires only local low-privileged access, so this reduces exposure rather than removing it. Utilize application control or allow-listing solutions to prevent the execution of unauthorized code, which raises the bar for an attacker needing to run a crafted local program against the driver. Ensure EDR solutions are configured to detect and block common memory-corruption exploitation techniques.
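The following PowerShell script is an added example for the remediation and monitoring steps above; it is not code from Dell or from the original advisory. It inventories ControlVault-related drivers on a host, compares their version against a fixed-version threshold, and pulls the crash and driver-error events named above from the System log. The fixed version is a placeholder (this page only states "version 5 or later"), the driver-matching patterns and the bcmwbfld.sys name are taken from this page and should be confirmed against Dell's advisory for your models.

```powershell
# Added example, not Dell's code. Assumed values are marked as placeholders.
param(
    # Placeholder: replace with the fixed build from Dell's advisory for your model.
    [version]$FixedVersion = [version]'5.0.0.0',
    [int]$LookbackDays = 30
)

# 1. Inventory: find drivers that look like ControlVault / Broadcom WBDI components.
#    Matching is by name substring (assumption) because INF and device names vary by platform.
$cvDrivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object {
        ($_.DeviceName -match 'ControlVault') -or
        ($_.DriverProviderName -match 'Broadcom' -and $_.DeviceName -match 'Vault|WBDI')
    }

$findings = foreach ($d in $cvDrivers) {
    $ver = $null
    $parsed = [version]::TryParse($d.DriverVersion, [ref]$ver)
    [pscustomobject]@{
        DeviceName    = $d.DeviceName
        Provider      = $d.DriverProviderName
        DriverVersion = $d.DriverVersion
        Inf           = $d.InfName
        Status        = if (-not $parsed)               { 'UNKNOWN' }
                        elseif ($ver -lt $FixedVersion) { 'VULNERABLE' }
                        else                            { 'PATCHED' }
    }
}

# 2. Monitoring: crash indicators in the System log within the lookback window.
#    41 = Kernel-Power unexpected reboot, 1001 = BugCheck, 6008 = unexpected shutdown.
$since = (Get-Date).AddDays(-$LookbackDays)
$crashEvents = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    StartTime = $since
    Id        = 41, 1001, 6008
} -ErrorAction SilentlyContinue)

# 3. Error-level System events that mention the driver.
#    'bcmwbfld' is the driver name cited on this page; confirm it against Dell's advisory.
$driverErrors = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    StartTime = $since
    Level     = 1, 2          # 1 = Critical, 2 = Error
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'ControlVault|bcmwbfld' })

# Report
"Host: $env:COMPUTERNAME"
if ($findings) { $findings | Format-Table -AutoSize } else { 'No ControlVault-like drivers found.' }
"Crash/unexpected-shutdown events since $($since.ToShortDateString()): $($crashEvents.Count)"
$crashEvents | Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize
"Error-level events mentioning the driver: $($driverErrors.Count)"
$driverErrors | Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize

# Non-zero exit code lets an RMM or Intune remediation job flag unpatched hosts.
if (@($findings | Where-Object Status -eq 'VULNERABLE').Count -gt 0) { exit 1 }
exit 0
```

Run it locally with `.\Check-ControlVault.ps1 -FixedVersion 5.x.y.z` once the real fixed build is known, or fan it out across the fleet with `Invoke-Command -ComputerName ... -FilePath .\Check-ControlVault.ps1`. A non-zero exit code on a host means a ControlVault driver below the threshold was found; crash or driver-error hits on an unpatched host should be treated as a reason to prioritize that machine and pull EDR telemetry, not as proof of exploitation.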

Exploitation status

Public Exploit Available: No (no public exploit known at the time of writing)

Analyst recommendation

This vulnerability presents a high risk to Dell workstations and laptops in the environment. Given the potential for local privilege escalation to kernel level and subsequent data theft, we strongly recommend that all affected Dell systems be patched on an urgent basis, starting with hosts used by privileged users. Although CVE-2025-36463 is not currently on the CISA Known Exploited Vulnerabilities (KEV) list and no public exploit is known, its severity and the value of kernel-level code execution to an attacker who already has a foothold warrant immediate action rather than waiting for evidence of in-the-wild use.