

Severity
High
Analysis Summary
CVE-2025-24919 CVSS:8.1
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise the ControlVault firmware and have it craft a malicious response to trigger this vulnerability.
CVE-2025-25215 CVSS:8.8
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.
Impact
- Code Execution
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-24919
- CVE-2025-25215
Affected Vendors
- Dell
Affected Products
- Dell ControlVault3 prior to 5.15.10.14
- Dell ControlVault3 Plus prior to 6.2.26.36
Remediation
Refer to the Dell Website for patch, upgrade, or suggested workaround information.
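
To triage a fleet inventory against the fixed versions listed above, the following is an added example, not code from Dell or from this advisory. The CSV layout, host names, sample versions and function names are assumptions; how the firmware version is collected from each endpoint is left to your inventory tooling.

```python
import csv
import io

# Fixed versions taken from the advisory; anything lower is affected.
# "Plus" is listed first because its name contains the plain product name.
FIXED = [
    ("controlvault3 plus", (6, 2, 26, 36)),
    ("controlvault3", (5, 15, 10, 14)),
]


def parse_version(text):
    """Turn '5.15.10.14' into (5, 15, 10, 14); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    # Pad to four components so '5.15' compares as 5.15.0.0.
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def classify(product, version):
    """Return 'affected', 'fixed', 'unknown-version' or 'not-applicable'."""
    name = " ".join(product.lower().replace("dell", "").split())
    for key, fixed in FIXED:
        if name.startswith(key):
            try:
                return "affected" if parse_version(version) < fixed else "fixed"
            except ValueError:
                return "unknown-version"
    return "not-applicable"


def triage(inventory_csv):
    """Map host -> status for rows with columns host,product,version."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,product,version
lt-001,Dell ControlVault3,5.14.3.16
lt-002,Dell ControlVault3,5.15.10.14
lt-003,Dell ControlVault3 Plus,6.2.25.40
lt-004,Dell ControlVault3 Plus,6.2.26.36
lt-005,Dell ControlVault3 Plus,5.15.10.14
lt-006,Dell ControlVault3,unknown
lt-007,Other Firmware,1.0
"""
```

Calling `triage(SAMPLE)` returns a host-to-status mapping; rows reported as `unknown-version` should be re-collected rather than assumed patched.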