Millions of Dell PCs at Risk from Broadcom Vulnerability Enabling Remote Hijack

Threat Score: 76 | 6 articles | 100.0% similarity | 14 hours ago

Activity Timeline: 6 articles (Aug 05, Aug 05, Aug 05, Aug 05, Aug 06, Aug 06)

Key Insights

1. Cisco Talos discovered five critical vulnerabilities in Dell's ControlVault3 firmware, collectively named 'ReVault,' impacting over 100 laptop models, particularly the Latitude and Precision series.
2. The vulnerabilities, including CVE-2025-24311 and CVE-2025-25050, allow attackers to maintain persistent access to systems, even after a complete Windows reinstallation.
3. The flaws target the Broadcom BCM5820X security chip, which manages sensitive data such as passwords and biometric templates, raising concerns about data theft and system compromise.
4. Dell has released patches and provided a security advisory (DSA-2025-053), urging users to update their systems to mitigate the risks associated with these vulnerabilities.
5. According to a Dell spokesperson, 'Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy.'
6. As of now, no in-the-wild exploitation of these vulnerabilities has been reported, but experts advise immediate patching to prevent potential attacks.

Threat Overview

Cybersecurity researchers at Cisco Talos have identified five critical vulnerabilities in Dell's ControlVault3 security firmware, collectively referred to as 'ReVault.' These vulnerabilities affect over 100 models of Dell laptops, primarily from the Latitude and Precision series, which are widely used in business environments, including government agencies and cybersecurity firms. The vulnerabilities allow attackers to remotely hijack systems and maintain persistent access, even after a complete reinstallation of Windows. According to Cisco Talos, 'The vulnerabilities can be exploited in so-called ReVault attacks,' enabling attackers with non-administrative privileges to leak key material and permanently modify firmware. 'These laptop models are widely used in the cybersecurity industry, government settings, and challenging environments,' stated Philippe Laulheret, a senior vulnerability researcher at Cisco Talos.

The identified vulnerabilities include two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050), an arbitrary free flaw (CVE-2025-25215), a stack overflow bug (CVE-2025-24922), and an unsafe deserialization flaw (CVE-2025-24919). These vulnerabilities reside in the firmware of the Broadcom BCM5820X security chip embedded in Dell's ControlVault3, which is responsible for managing sensitive information. Attackers who gain physical access to the device or have non-administrative access can exploit these vulnerabilities to bypass security measures.

Dell has responded by issuing patches and advising users to review the Dell Security Advisory DSA-2025-053 for detailed information on affected products and versions. The company emphasized its commitment to transparency, stating, 'Working with our firmware provider, we addressed the issues quickly.' Although no known exploitation has occurred in the wild, experts stress the importance of applying security updates promptly to prevent potential threats. As a precautionary measure, organizations using the affected Dell models are urged to apply the available patches immediately to secure their devices against these vulnerabilities.

Tactics, Techniques & Procedures (TTPs)

  • CVE-2025-24311 (Out-of-bounds Write): Attackers exploit this vulnerability to modify firmware [1][2]
  • CVE-2025-25050 (Out-of-bounds Read): Allows attackers to leak sensitive information from the ControlVault firmware [2][3]
  • CVE-2025-25215 (Arbitrary Free): Enables attackers to control memory management, potentially leading to code execution [1][3]
  • CVE-2025-24922 (Stack Overflow): Attackers can exploit this flaw to gain elevated privileges on the device [2][4]
  • CVE-2025-24919 (Unsafe Deserialization): Can be exploited to execute arbitrary code during object deserialization [1][3]
  • Physical Access Exploit: Attackers can bypass Windows login by directly interfacing with the Unified Security Hub over USB [2][4]
  • Persistent Backdoor Creation: Attackers can modify firmware to establish a permanent backdoor into the system [2][3]

Timeline of Events

  • 2025-06-13: Dell notifies customers about the vulnerabilities and begins addressing the issues [5]
  • 2025-08-05: Cisco Talos publicly discloses the vulnerabilities, termed 'ReVault,' detailing their impact [1][2]
  • 2025-08-06: Dell releases patches and security advisory DSA-2025-053 for affected products [5]
  • Ongoing: Users urged to apply patches immediately to prevent potential exploitation [5]

Source Citations

Expert quotes:
  • Cisco Talos: Article 1
  • Dell spokesperson: Article 5
  • Philippe Laulheret: Article 4

Primary findings:
  • Exploitation evidence: Articles 2, 4
  • CVE details and patches: Articles 1, 3, 5
  • Vulnerable instance count: Article 2

Technical details:
  • Attack methods: Articles 1, 2, 4
  • Persistence techniques: Articles 3, 5
Powered by ThreatCluster AI
AI analysis may contain inaccuracies

Related Articles (6 articles)
1. Millions of Dell PCs at Risk from Broadcom Vulnerability Enabling Remote Hijack
GB Hackers • 4 hours ago
Cybersecurity researchers at Cisco Talos have discovered five critical vulnerabilities in Dell's ControlVault3 security hardware that could affect millions of business laptops worldwide. The flaws, collectively dubbed "ReVault," enable attackers to remotely hijack systems and maintain persistent access even after complete Windows reinstallation. The vulnerabilities affect more than 100 models of actively-supported De
Score: 78, similarity: 100.0%
2. Critical Firmware Vulnerabilities Expose Millions of Dell Laptops to Device Takeover and Malware Attacks
Cybersecurity News • 6 hours ago
A wide range of vulnerabilities affects millions of Dell laptops used by government agencies, cybersecurity professionals, and enterprises worldwide. The vulnerabilities, collectively dubbed "ReVault," target the Broadcom BCM5820X security chip embedded in Dell's ControlVault3 firmware, creating opportunities for attackers to steal passwords, biometric data, and maintain persistent access to compromised systems. The vulnerabilities affect more […]
Score: 73, similarity: 100.0%
3. 'Critical' firmware-level vulnerabilities found in laptops commonly used by security specialists
Therecord • 16 hours ago
According to the research published Tuesday, it is possible for an attacker to break into the ControlVault chip used in many laptops owned by security professionals and modify the firmware inside.
Score: 69, similarity: 89.0%
4. Millions of Dell laptops could be persistently backdoored in ReVault attacks
Feeds2 • 15 hours ago
A set of firmware vulnerabilities affecting 100+ Dell laptop models widely used in government settings and by the cybersecurity industry could allow attackers to achieve persistent access even across Windows reinstalls, Cisco Talos researchers have discovered. Most of the flaws reside in the firmware for ControlVault3 and ControlVault3+, which are hardware security components that store passwords, bi
Score: 63, similarity: 94.0%
5. Patch now: Millions of Dell PCs with Broadcom chips vulnerable to attack
Theregister • 15 hours ago
Psst, wanna steal someone's biometrics? Critical security flaws in Broadcom chips used in more than 100 models of Dell computers could allow attackers to take over tens of millions of users' devices, steal passwords, and access sensitive data, including fingerprint information, according to Cisco Talos. The five vulnerabilities, CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919,
Score: 62, similarity: 88.0%
6. Attacker could defeat Dell firmware flaws with a vegetable
Computer Weekly IT Security • 20 hours ago
Over 100 models of Dell laptop PCs across the enterprise-centric Latitude and Precision ranges, and many thousands of individual devices, are at risk of compromise through a series of five common vulnerabilities and exposures (CVEs) that affect their security firmware and associated Microsoft Windows application programming interfaces (APIs), according to a new disclosure from the Cisco Talos threat lab. Collectively dubbed ReVault by the Talos resear
Score: 49, similarity: 93.0%

Cluster Intelligence

Key entities and indicators for this cluster

Vulnerabilities: Privilege Escalation, Persistent Access, Firmware Vulnerability, Data Exposure
Attack types: Remote Code Execution, Physical Access Attack, Firmware Exploitation, Data Leakage
Industries: Cybersecurity, Government
Platforms: Windows
Companies: Cisco, Dell
CVEs: CVE-2025-24922, CVE-2025-25050, CVE-2025-24311, CVE-2025-24919, CVE-2025-25215
Cluster information: Cluster #1702, created 14 hours ago, Semantic Algorithm