CVE-2025-25215
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-13

Last updated on: 2025-11-03

Assigner: Talos

Description
An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-13
Last Modified
2025-11-03
Generated
2026-05-06
AI Q&A
2025-06-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-25215
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-763 The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an arbitrary free issue in the cv_close functionality of Dell ControlVault3 and Dell ControlVault3 Plus. It can be triggered by a specially crafted ControlVault API call where an attacker forges a fake session, causing the system to improperly free memory, which may lead to unexpected behavior or exploitation.


How can this vulnerability impact me? :

The vulnerability has a high impact as indicated by its CVSS score of 8.8. It can lead to significant consequences including high confidentiality, integrity, and availability impacts. An attacker with low privileges and local access can exploit this to potentially cause system crashes, data corruption, or unauthorized actions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart