CVE-2025-36460
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-18
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | controlvault3 | * |
| dell | controlvault3_plus | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple out-of-bounds read and write issues in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 and Dell ControlVault3 Plus before certain versions. Specifically, a specially crafted WinBioControlUnit API call with ControlCode 2 and a ReceiveBufferSize between 5 and 79 can cause an out-of-bounds write of up to 75 bytes. This can lead to memory corruption, potentially allowing an attacker to manipulate memory if they can control the data in the identity database.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption, which may allow an attacker with limited privileges to escalate their access or cause denial of service. Because the vulnerability affects confidentiality, integrity, and availability (all rated high), it could result in unauthorized access to sensitive data, system instability, or crashes.