Notification regarding Dell laptop vulnerabilities
Published: August 8, 2025
Overview:
A major security advisory was recently issued for Dell laptops, affecting millions of devices across more than 100 Latitude and Precision models. The vulnerabilities, collectively known as ReVault, were discovered in the Broadcom BCM5820X chip’s firmware, which underpins Dell’s ControlVault3 and ControlVault3+—hardware modules trusted to securely store sensitive data such as passwords and biometric credentials.
Although current assessments indicate a low likelihood of exploitation, this situation could evolve. Therefore, timely patching is highly recommended.
Summary:
The ReVault vulnerabilities allow attackers to bypass core security features, including biometric authentication, extract credentials, execute persistent firmware implants, and evade detection—even surviving a complete operating system reinstall. There are five CVEs associated with this discovery:
- CVE-2025-24311: Out-of-bounds read (information leak)
- CVE-2025-25050: Out-of-bounds write (arbitrary code execution)
- CVE-2025-25215: Arbitrary memory free (possible firmware instability)
- CVE-2025-24922: Stack-based buffer overflow (code execution)
- CVE-2025-24919: Unsafe deserialization via Windows APIs
Recommendations:
Update firmware: Update ControlVault3 to version 5.15.10.14 or newer, and ControlVault3+ to 6.2.26.36 or newer. Dell released these updates in March 2025; they are available through Windows Update and Dell’s support portal.
Monitor for unusual activity: Review system logs for anomalous biometric events or unauthorized access to credential vaults.
Disable unused hardware: If you are not using security peripherals (fingerprint reader, smart card, NFC), disable the ControlVault services or the ControlVault device in Device Manager.
Stay informed: Continue to monitor Dell advisories for future updates or additional mitigations, and ensure all laptops (including those newly purchased or reimaged) are kept up to date.
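The three technical recommendations above (version check, log review, disabling unused ControlVault hardware) can be worked through on a single laptop with the following PowerShell script. It is an added example written for this page, not part of the U of T advisory or of Dell's own tooling. Its assumptions are labelled in the comments: the installed firmware version is supplied by the operator (read it from Dell Command | Update or Device Manager, since Windows exposes no single uniform property for it), the ControlVault PnP device and service display names contain "ControlVault", and the biometric operational log is named 'Microsoft-Windows-Biometrics/Operational'. The two fixed version numbers are the ones stated in the advisory.

```powershell
<#
  Added example (not from the advisory or from Dell): a defender-side checklist for one Dell laptop.
    1. Compare the installed ControlVault firmware against Dell's fixed versions.
    2. Summarise recent Windows biometric events so an analyst can review them.
    3. Inventory ControlVault devices/services and, only with -DisableIfUnused, disable them.
  Assumptions (labelled): firmware version is passed in by the operator; device and service
  names contain "ControlVault"; the biometric log is 'Microsoft-Windows-Biometrics/Operational'.
  Run from an elevated prompt; use -WhatIf to preview the disable step without changing anything.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $InstalledFirmware,   # e.g. '5.15.9.2' (constructed sample value)
    [ValidateSet('CV3', 'CV3Plus')] [string] $Family = 'CV3',
    [switch] $DisableIfUnused                              # only when no fingerprint/smart card/NFC use
)

# Fixed versions stated in Dell's advisory and repeated on this page.
$FixedVersion = @{
    CV3     = [version]'5.15.10.14'
    CV3Plus = [version]'6.2.26.36'
}

function Test-ControlVaultPatched {
    param([string] $Installed, [string] $Family)
    # Cast to [version] so each component compares numerically: '5.15.9.2' is older than
    # '5.15.10.14', which a plain string comparison would get wrong ('9' sorts after '1').
    return ([version]$Installed -ge $FixedVersion[$Family])
}

# 1. Patch status
if (Test-ControlVaultPatched -Installed $InstalledFirmware -Family $Family) {
    Write-Output "ControlVault $Family firmware $InstalledFirmware is at or above $($FixedVersion[$Family]): patched."
} else {
    Write-Warning "ControlVault $Family firmware $InstalledFirmware is below $($FixedVersion[$Family]): update via Windows Update or Dell's support portal."
}

# 2. Biometric event review: counts per event ID over the last 7 days, for a human to inspect.
#    Get-WinEvent throws when no events match, so the empty case is handled in the catch block.
$since = (Get-Date).AddDays(-7)
try {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Biometrics/Operational'; StartTime = $since } -ErrorAction Stop |
        Group-Object Id |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
} catch {
    Write-Output "No biometric events found since $since (or the log is not present on this system)."
}

# 3. Inventory ControlVault devices and services (the '*ControlVault*' name match is an assumption).
$devices  = Get-PnpDevice -PresentOnly | Where-Object { $_.FriendlyName -like '*ControlVault*' }
$services = Get-Service | Where-Object { $_.DisplayName -like '*ControlVault*' }

$devices  | Select-Object FriendlyName, Status, InstanceId | Format-Table -AutoSize
$services | Select-Object DisplayName, Name, Status, StartType | Format-Table -AutoSize

if ($DisableIfUnused) {
    foreach ($d in $devices) {
        # ShouldProcess makes this honour -WhatIf / -Confirm from the command line.
        if ($PSCmdlet.ShouldProcess($d.FriendlyName, 'Disable ControlVault device')) {
            Disable-PnpDevice -InstanceId $d.InstanceId -Confirm:$false
        }
    }
    foreach ($s in $services) {
        if ($PSCmdlet.ShouldProcess($s.DisplayName, 'Stop and disable ControlVault service')) {
            Stop-Service -Name $s.Name -Force
            Set-Service -Name $s.Name -StartupType Disabled
        }
    }
}
```

A preview run looks like `.\Check-ControlVault.ps1 -InstalledFirmware 5.15.9.2 -Family CV3 -DisableIfUnused -WhatIf`; drop `-WhatIf` to apply the change. Disabling the device only reduces exposure on laptops that do not use the security peripherals; it is not a substitute for installing the fixed firmware, which remains the primary recommendation.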
Support:
As always, please let us know if you have any questions or concerns or see unusual activity on your systems that you believe might be associated with this or any other vulnerability. Please send these communications to security.response@utoronto.ca.