CVE-2025-36553
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-17
Assigner: Talos
Description
Description
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | controlvault3 | * |
| dell | controlvault3_plus | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the CvManager functionality of Dell ControlVault3 and ControlVault3 Plus. It occurs when a specially crafted API call is made to the ControlVault, leading to memory corruption.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption, which may allow an attacker with limited privileges to execute arbitrary code, cause denial of service, or compromise the confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70