CVE-2025-32089
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-17
Assigner: Talos
Description
Description
A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | controlvault3 | * |
| dell | controlvault3_plus | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the CvManager_SBI functionality of Dell ControlVault3 and Dell ControlVault3 Plus. It occurs when a specially crafted ControlVault API call is made, which can lead to arbitrary code execution by an attacker.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can execute arbitrary code on the affected system, potentially leading to full compromise of the device, including unauthorized access, data manipulation, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70