black hat Critical security flaws in Broadcom chips used in more than 100 models of Dell computers could allow attackers to take over tens of millions of users’ devices, steal passwords, and access sensitive data, including fingerprint information, according to Cisco Talos.
The five vulnerabilities, CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, CVE-2025-24919, exist in Broadcom BCM5820X series chips that Cisco says are found in tens of millions of Dell business PCs with ControlVault3, primarily its Latitude and Precision series. ControlVault3 is a hardware-based secure enclave used to store sensitive info such as passwords, biometrics, and security codes in firmware.
A Dell spokesperson told The Register that it notified customers about updates to fix these bugs on June 13.
“Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy,” the Dell spokesperson said. “Customers can review the Dell Security Advisory DSA-2025-053 for information on affected products, versions, and more.”
Both Dell and Talos told The Register that they are not aware of any in-the-wild exploitation of the CVEs. “As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure,” the Dell spokesperson said.
Broadcom did not respond to The Register‘s inquiries.
A Talos spokesperson told The Register that the researchers aren’t aware of any other uses for Broadcom BCM5820X chips outside of these Dell computers.
These laptop models are widely used in the cybersecurity industry, government settings, and challenging environments
“These laptop models are widely used in the cybersecurity industry, government settings and challenging environments in their Rugged version,” Talos senior vulnerability researcher Philippe Laulheret said in a Tuesday report. “Sensitive industries that require heightened security when logging in (via smartcard or NFC) are more likely to find ControlVault devices in their environment, as they are necessary to enable these security features.”
Laulheret will discuss the security holes and how they can be abused by a low-privilege user to fully compromise the chip, steal its secrets, and gain persistence on its application firmware during a Wednesday talk at Black Hat.
The researcher also showed a couple of attack scenarios in videos embedded in today’s report.
In one video, Laulheret showed how to exploit CVE-2025-24919, an unsafe-deserialization vulnerability that affects ControlVault’s Windows APIs.
“A non-administrative user can interact with the CV firmware using its associated APIs and trigger an arbitrary code execution on the CV firmware,” he said. “From this vantage point, it becomes possible to leak key material essential to the security of the device, thus gaining the ability to permanently modify its firmware.”
Even worse: an attacker could implant a backdoor in the computer’s ControlVault firmware and go unnoticed by the user, all while maintaining persistent access to the compromised machine.
While this is the most likely attack scenario, Laulheret also detailed how a local attacker with physical access to a vulnerable laptop could “pry it open and directly access the USH board over USB with a custom connector,” for example: if a user left their laptop unattended in a hotel room.
This would allow the attacker to compromise the machine without logging in to the system, or using a full-disk encryption password — and is at least theoretically possible without the user knowing that someone has just physically broken into their PC.
Chassis-intrusion can be detected, but only if this security feature is enabled beforehand.
“Another interesting consequence of this scenario is that if a system is configured to be unlocked with the user’s fingerprint, it is also possible to tamper with the CV firmware to accept any fingerprint rather than only allowing a legitimate user’s,” Laulheret wrote.
To mitigate this risk, Talos recommends disabling fingerprint login in situations — like the hotel room — with elevated risk of someone physically compromising your machine.
And, as always, keep your systems up to date and make sure you’re running the latest firmware version. As Talos notes, CV firmware can be auto-deployed via Windows Update, but Dell typically releases firmware a few weeks before. ®
Source link
