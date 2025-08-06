Security flaws are a headache for end-users and IT admins alike, but patches should still be rolled out and applied as soon as possible, especially for severe vulnerabilities. That is now the situation for millions of Dell PCs, which are exposed to a cybersecurity threat by flaws in a Broadcom chip.

Dell has issued an advisory warning that a large number of its PCs carry critical flaws stemming from vulnerabilities in the Broadcom BCM5820X series chip. This hardware is typically found in Dell Precision and Latitude laptops, which are primarily used in business settings but may be found in personal environments too.

The advisory has been tagged as DSA-2025-053, and it lists five vulnerabilities, namely:

CVE-2025-24311

CVE-2025-25215

CVE-2025-24922

CVE-2025-25050

CVE-2025-24919

All five affect the built-in ControlVault3 feature, a hardware-based secure store that keeps sensitive data such as passwords, biometric templates, and similar credentials in the chip's own firmware rather than on the main system.

A quick look at the entries on the National Vulnerability Database (NVD) shows that specially crafted ControlVault3 API calls can be used by an attacker to leak information, free arbitrary memory, execute arbitrary code, and write to out-of-bounds memory locations. All of them carry CVSS scores above 8.0, which puts them in the "High" band (a CVSS base score of 7.0 to 8.9 is "High"; "Critical" starts at 9.0). That is probably why Dell has nonetheless classified its update as "Critical" in its own advisory: memory-safety bugs in the component that guards stored credentials are worth treating as urgent regardless of the base score.

A Dell spokesperson told The Register that customers were privately informed of the vulnerabilities on June 13; the details appear to have been made public only now that fixes are generally available. The spokesperson said:

Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy. Customers can review the Dell Security Advisory DSA-2025-053 for information on affected products, versions, and more. [...] As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure.

Patches for the ControlVault3 driver and firmware are available through the dedicated links in Dell's advisory here; both should be applied, since the fixes are split between the firmware and the Windows driver. There is no evidence so far of the flaws being exploited in the wild. The exact scope of the issue is also unclear, but given how common Dell Precision and Latitude laptops are in business environments, it is expected to affect tens of millions of PCs.
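For an admin who needs to find out which machines in a fleet actually have ControlVault hardware and what driver version they are running, the following PowerShell script is an added example; it is not from Dell's advisory or tooling. It queries the signed-driver inventory that Windows already exposes and flags devices whose driver is older than a minimum version you supply. The device name patterns (`ControlVault`, `Broadcom USH`) and the placeholder `$MinimumDriverVersion` are assumptions: take the remediated driver version from DSA-2025-053 itself rather than from this script.

```powershell
# Added example, not part of Dell's advisory. Inventory ControlVault devices and their
# driver versions on one Windows host and flag any below a minimum version.
# ASSUMPTION: the remediated version must be read from DSA-2025-053 and passed in;
# the default 0.0.0.0 will report every device as OK and exists only so the script runs.
param(
    [version]$MinimumDriverVersion = [version]'0.0.0.0'
)

# ASSUMPTION: ControlVault devices enumerate under names containing "ControlVault" or
# "Broadcom USH" in Device Manager; widen the pattern if your fleet uses other names.
$namePattern = 'ControlVault|Broadcom USH'

# Win32_PnPSignedDriver lists every device that has a signed driver bound to it,
# including DeviceName, HardWareID, DriverVersion and DriverDate.
$devices = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -match $namePattern }

if (-not $devices) {
    Write-Output "No ControlVault device found on $env:COMPUTERNAME; the hardware side of DSA-2025-053 does not apply here."
    return
}

foreach ($d in $devices) {
    # DriverVersion is a string such as "5.x.y.z"; parse it defensively so an odd
    # format does not abort the whole inventory run.
    $parsed = [version]'0.0.0.0'
    if (-not [version]::TryParse($d.DriverVersion, [ref]$parsed)) {
        $status = 'UNPARSEABLE VERSION'
    } elseif ($parsed -lt $MinimumDriverVersion) {
        $status = 'NEEDS UPDATE'
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Device        = $d.DeviceName
        HardwareID    = $d.HardWareID
        DriverVersion = $d.DriverVersion
        DriverDate    = $d.DriverDate
        Status        = $status
    }
}
```

Run it on each host, or wrap it in `Invoke-Command -ComputerName ... -FilePath` to collect results from many machines at once. Two caveats: this only reports the Windows driver version, not the ControlVault3 firmware revision, which is updated separately through Dell's firmware package and should be verified with Dell's own update tooling after deployment; and a host with no matching device is simply one without ControlVault hardware, which the script reports explicitly rather than returning an empty result that could be mistaken for a patched state.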