CVE-2025-36463

HIGH EPSS 2.4%
Published Nov 17, 20257mo ago · Modified Jun 17, 20262w ago
7.3 CVSS 3.1
High
Find Similar
Published Nov 17, 2025 7mo ago
Last Modified Jun 17, 2026 2w ago

Description

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`.

CVSS Details

Base Score
7.3
Exploitability
1.3
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-805

References 2

  • talosintelligence.com https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175
  • dell.com https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.