CVE-2025-36463
HIGH EPSS 2.4%
Published Nov 17, 20257mo ago · Modified Jun 17, 20262w ago
7.3 CVSS 3.1
Published Nov 17, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago
Description
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-805
References 2
- talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175
- dell.com https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.