CVE-2025-24919
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-13

Last updated on: 2025-11-03

Assigner: Talos

Description
A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-13
Last Modified
2025-11-03
Generated
2026-05-07
AI Q&A
2025-06-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-24919
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a deserialization of untrusted input issue in the cvhDecapsulateCmd functionality of Dell ControlVault3 and ControlVault3 Plus firmware versions prior to 5.15.10.14 and 6.2.26.36 respectively. It allows an attacker who has compromised the ControlVault firmware to craft a malicious response to a command, which can lead to arbitrary code execution on the affected device.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to execute arbitrary code on the affected Dell ControlVault firmware, potentially compromising the security and integrity of the device. This could lead to unauthorized access, data manipulation, or further exploitation of the system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart