Impact of vulnerabilities dubbed ReVault by analysts could be “significant”, but patches are thankfully available.
Researchers at Talos have detailed a suite of vulnerabilities in Dell laptops that could lead to the compromise of Windows systems and hardware-based persistence of malicious actors.
The five vulnerabilities – dubbed ReVault by Talos – impact Dell’s ControlVault3 Firmware and its Windows APIs in more than 100 models of Dell machines, mostly in its Precision and Latitude range of business laptops.
Dell’s ControlVault is a daughter board that “provides a secure bank that stores your passwords, biometric templates, and security codes within the firmware” – what Dell calls a Unified Security Hub. This hub connects security-related peripherals such as NFC and smartcard readers.
Unfortunately, the sectors that rely on these devices mean a compromise could be particularly impactful.
“The current iterations of the product are called ControlVault3 and ControlVault3+ and can be found in more than 100 different models of actively supported Dell laptops, mostly from the business-centric Latitude and Precision series,” Talos said in a 5 August blog post.
“These laptop models are widely used in the cyber security industry, government settings and challenging environments in their Rugged version. Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment, as they are necessary to enable these security features.”
Two of the vulnerabilities (CVE-2025-24311 and CVE-2025-25050) are out-of-bounds flaws, one is a stack overflow vulnerability (CVE-2025-24922), and another is an arbitrary free bug (CVE-2025-25215). Talos also found an unsafe-deserialisation flaw (CVE-2025-24919) that impacts ControlVault’s Windows APIs.
Taken together, the vulnerabilities could allow a non-administrative user to trigger arbitrary code execution on the firmware, and possibly modify the firmware so an attacker can maintain persistence on a device even after a Windows reinstall.
A malicious actor with physical access to an impacted device could, in theory, open up the device physically and connect directly to the firmware, where the same vulnerabilities could be taken advantage of.
Talos was able to use both methods to exploit these vulnerabilities. Thankfully, Dell is on top of the issue, and patches are available for all impacted devices.
“As Talos demonstrated, vulnerabilities in widely-used firmware such as Dell ControlVault can have far-reaching implications, potentially compromising even advanced security features like biometric authentication,” Talos said.
“Staying vigilant, patching your systems and proactively assessing risk are essential to safeguard your systems against evolving threats.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.