CVE-2025-36462

High CVSS: 7.3

Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 3 (`WBIO_USH_CREATE_CHALLENGE`) with an invalid `ReceiveBuferSize`.

Vendor

Product

CWE

CWE-805

Yayın Tarihi

2025-11-17 23:15:53

Güncelleme

2025-11-18 14:06:29

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-805 HIGH 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175 https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228