CVE-2025-36460
📋 TL;DR
This vulnerability allows memory corruption through out-of-bounds read/write in Dell ControlVault biometric security components. Attackers can trigger it via a specially crafted WinBioControlUnit API call with improper buffer size. Affects Dell systems using ControlVault3 or ControlVault3 Plus biometric authentication.
💻 Affected Systems
- Dell ControlVault3
- Dell ControlVault3 Plus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, credential theft, or disabling biometric security features.
Likely Case
Local privilege escalation allowing attackers to gain elevated privileges on affected systems.
If Mitigated
Limited impact if proper access controls prevent local execution or if biometric features are disabled.
🎯 Exploit Status
Requires local execution capability and knowledge of WinBioControlUnit API calls with specific parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ControlVault3: 5.15.14.19+, ControlVault3 Plus: 6.2.36.47+
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
Restart Required: Yes
Instructions:
1. Download the latest ControlVault firmware from Dell Support.
2. Run the installer with administrative privileges.
3. Restart the system when prompted.
🔧 Temporary Workarounds
Disable biometric authentication (Windows)
Temporarily disable Windows Hello or other biometric authentication features.
Disable via Windows Settings > Accounts > Sign-in options.
🧯 If You Can't Patch
- Restrict local access to systems using biometric authentication
- Implement application whitelisting to prevent unauthorized WinBioControlUnit calls
🔍 How to Verify
Check if Vulnerable:
Check ControlVault firmware version in Device Manager > Biometric Devices > ControlVault properties
Check Version:
wmic path Win32_PnPSignedDriver where "DeviceName like '%ControlVault%'" get DriverVersion
Verify Fix Applied:
Verify firmware version is 5.15.14.19 or higher for ControlVault3, or 6.2.36.47 or higher for ControlVault3 Plus
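The version check above, as an added PowerShell example that is not part of this advisory: it reads the ControlVault driver version the same way the wmic command does and compares it against the fixed versions listed under Official Fix. It assumes a 5.x version belongs to ControlVault3 and a 6.x version to ControlVault3 Plus; since the fixed versions are firmware versions, confirm the result against the firmware version shown in Device Manager.

```powershell
# Added example, not the advisory's own script: compare the ControlVault driver
# version reported by PnP against the fixed versions from the Official Fix section.
# Assumption: major version 5 = ControlVault3, major version 6 = ControlVault3 Plus.
$Fixed = @{ 5 = [version]'5.15.14.19'; 6 = [version]'6.2.36.47' }

function Test-ControlVaultFixed {
    param(
        [Parameter(Mandatory)][string]$DeviceName,
        [AllowNull()][string]$DriverVersion
    )
    # PnP may report no version or a malformed one; never treat that as fixed.
    $v = $null
    if (-not [version]::TryParse([string]$DriverVersion, [ref]$v)) {
        return [pscustomobject]@{ Device = $DeviceName; Version = $DriverVersion
                                  Threshold = $null; Status = 'UNKNOWN (version not readable)' }
    }
    $threshold = $Fixed[$v.Major]
    if (-not $threshold) {
        return [pscustomobject]@{ Device = $DeviceName; Version = $v
                                  Threshold = $null; Status = 'UNKNOWN (unrecognised product line)' }
    }
    # [version] comparison is component-wise, so 5.15.14.19 > 5.15.14.9 as intended.
    $status = if ($v -ge $threshold) { 'FIXED' } else { 'VULNERABLE' }
    [pscustomobject]@{ Device = $DeviceName; Version = $v; Threshold = $threshold; Status = $status }
}

# Same WMI class and name filter as the wmic command in this section.
$drivers = Get-CimInstance -ClassName Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -like '*ControlVault*' }

if (-not $drivers) {
    Write-Output 'No ControlVault device present; this system is not in scope for CVE-2025-36460.'
    return
}

$drivers |
    ForEach-Object { Test-ControlVaultFixed -DeviceName $_.DeviceName -DriverVersion $_.DriverVersion } |
    Format-Table -AutoSize
```

Run in an elevated PowerShell session; any row reporting VULNERABLE or UNKNOWN should be followed up with the Device Manager firmware check rather than assumed safe.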
📡 Detection & Monitoring
Log Indicators:
- Unusual WinBioControlUnit API calls with ControlCode 2
- Biometric service crashes or unexpected restarts
Network Indicators:
- Local system calls only - no network indicators
SIEM Query:
EventID=4688 AND CommandLine contains 'WinBioControlUnit' AND CommandLine contains 'ControlCode=2'
Note: process-creation events (4688) only capture command lines, so this query catches tooling that passes these strings on the command line, not in-process API calls; pair it with the biometric service crash indicators above.