Dell ControlVault3 CVE-2025-31361 Privilege Escalation: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-31361, a high-severity privilege escalation vulnerability in Dell ControlVault3 and ControlVault3 Plus prior to specific firmware versions. It covers technical details, affected versions, vendor security history, and references for further reading.

ZeroPath CVE Analysis

2025-11-17

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.


Introduction

Attackers can escalate from a standard user to system privileges on over 100 Dell Latitude and Precision models by abusing a flaw in the ControlVault3 security module. This vulnerability directly impacts hardware trusted to protect biometric data and credentials in enterprise environments, making it a high-priority concern for organizations relying on Dell's security stack.

Dell Technologies is a global leader in enterprise and consumer hardware, with millions of Latitude and Precision laptops deployed worldwide. The ControlVault3 security module, based on Broadcom's BCM5820X chip, is integral to Dell's hardware-based credential and biometric protection. Vulnerabilities in this module have far-reaching implications for endpoint security in sectors such as government, finance, and healthcare.

Technical Information

CVE-2025-31361 is a privilege escalation vulnerability in the WBIO_USH_ADD_RECORD functionality of the ControlVault WBDI (Windows Biometric Driver Interface) driver. The flaw stems from insufficient validation of the parameters the driver receives through the Windows Biometric Framework's WinBioControlUnit API. A local attacker with low privileges can issue a specially crafted WinBioControlUnit request that triggers the vulnerability and escalates to system or administrative privileges. No user interaction is required, and the attack complexity is low.

The vulnerability is classified as CWE-908 (Use of Uninitialized Resource): when handling a WBIO_USH_ADD_RECORD request, the driver consumes a resource, such as a memory region or a handle, before it has been properly initialized, so its contents are unpredictable or attacker-influenced and can steer execution down paths the developer never intended. Exploitation is local, so the attacker needs code execution on the target (for example as a standard user), but does not need administrative rights to reach the vulnerable code. The affected component is the driver layer between Windows and the Broadcom-based ControlVault3 hardware that stores biometric templates and credentials.

CVE-2025-31361 sits in the same ControlVault3 firmware-and-driver stack as the broader ReVault group of vulnerabilities, which includes multiple critical flaws such as out-of-bounds writes, buffer overflows, and deserialization bugs. Because these issues share one attack surface, they could be chained for more complex attacks or for persistence mechanisms.

Affected Systems and Versions

  • Dell ControlVault3 prior to version 5.15.14.19
  • Dell ControlVault3 Plus prior to version 6.2.36.47
  • Impacted product lines include Dell Latitude 5000 and 7000 series, Precision 3000 series, and Dell Pro models
  • Vulnerable configurations are those running an affected ControlVault3 or ControlVault3 Plus driver and firmware package; updating to the fixed versions above remediates the issue
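The check below is an added example written for this review, not code from the original post or from Dell. It inventories ControlVault drivers on the local Windows host and compares the reported driver version against the fixed versions listed above. Two assumptions are not stated on the page: that the device appears in Win32_PnPSignedDriver with "ControlVault" in its device name, and that the DriverVersion it reports tracks the ControlVault3 package version Dell quotes in its advisory. Treat an "at or above fixed version" result as a hint to confirm against Dell Command | Update or the advisory, not as proof.

```powershell
# Added example (not from the original post or from Dell): local inventory check for
# CVE-2025-31361 against the fixed versions quoted in the advisory.
# Assumptions: the device shows up in Win32_PnPSignedDriver with "ControlVault" in its
# DeviceName, and DriverVersion tracks the Dell package version. Verify against Dell's advisory.

$FixedVersions = @{
    'ControlVault3'      = [version]'5.15.14.19'
    'ControlVault3 Plus' = [version]'6.2.36.47'
}

function Test-ControlVaultAffected {
    param(
        [Parameter(Mandatory)][version]$Installed,
        [Parameter(Mandatory)][version]$Fixed
    )
    # The advisory's "prior to" wording means strictly lower than the fixed build is affected.
    return $Installed -lt $Fixed
}

function Get-ControlVaultDriver {
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -like '*ControlVault*' -and $_.DriverVersion } |
        Select-Object DeviceName, DriverVersion, DriverDate, InfName, DeviceID
}

function Get-ControlVaultPatchStatus {
    $drivers = @(Get-ControlVaultDriver)
    if ($drivers.Count -eq 0) {
        Write-Warning 'No ControlVault device found; this host is not in scope for CVE-2025-31361.'
        return
    }
    foreach ($d in $drivers) {
        $installed = [version]$d.DriverVersion
        # Assumption: the 6.x line is ControlVault3 Plus and the 5.x line is ControlVault3,
        # mirroring the two version lines in the advisory.
        $line  = if ($installed.Major -ge 6) { 'ControlVault3 Plus' } else { 'ControlVault3' }
        $fixed = $FixedVersions[$line]
        $affected = Test-ControlVaultAffected -Installed $installed -Fixed $fixed
        $status = if ($affected) { 'VULNERABLE - update required' } else { 'at or above fixed version' }
        [pscustomobject]@{
            Device    = $d.DeviceName
            Line      = $line
            Installed = $installed
            Fixed     = $fixed
            Status    = $status
            Inf       = $d.InfName
        }
    }
}

# Usage: a standard (non-elevated) PowerShell session is enough for CIM read access.
Get-ControlVaultPatchStatus | Format-Table -AutoSize
```

For fleet-wide use, run Get-ControlVaultPatchStatus through Invoke-Command against a host list and collect the objects centrally; the Where-Object filter drops entries with an empty DriverVersion so the [version] cast does not throw on placeholder devices.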

Vendor Security History

Dell ControlVault3 has been the subject of multiple critical vulnerabilities discovered by external researchers, notably Cisco Talos. The ReVault group (CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919) exposed recurring gaps in input validation across both firmware and drivers. Dell has responded with coordinated advisories and timely patch releases, but the fact that these critical flaws were found externally suggests room for improvement in pre-release security validation, especially for components marketed as hardware security anchors.
