CVE-2025-36463
📋 TL;DR
This vulnerability allows memory corruption through an out-of-bounds read/write in Dell ControlVault biometric security components. Attackers can trigger it via a specially crafted WinBioControlUnit API call with an invalid buffer size. It affects Dell systems with ControlVault3 or ControlVault3 Plus biometric security hardware.
💻 Affected Systems
- Dell ControlVault3
- Dell ControlVault3 Plus
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation leading to full system compromise, credential theft, or persistent backdoor installation.
Likely Case
Local privilege escalation allowing attackers to gain elevated privileges on affected systems.
If Mitigated
Limited impact if proper access controls restrict local user privileges and biometric features are disabled.
🎯 Exploit Status
Requires local access and ability to make specific API calls. Technical details published but no public exploit code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ControlVault3: 5.15.14.19+, ControlVault3 Plus: 6.2.36.47+
Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
Restart Required: Yes
Instructions:
1. Download latest driver from Dell Support.
2. Install update.
3. Restart system.
4. Verify driver version in Device Manager.
🔧 Temporary Workarounds
Disable biometric authentication
Windows: Temporarily disable Windows Hello biometric features to prevent API calls to the vulnerable driver.
Windows Settings > Accounts > Sign-in options > Disable Windows Hello
Restrict local user privileges
Windows: Implement least privilege for local users to limit the impact of privilege escalation.
🧯 If You Can't Patch
- Implement strict access controls to limit local user privileges
- Disable biometric authentication features and use alternative authentication methods
🔍 How to Verify
Check if Vulnerable:
Check ControlVault driver version in Device Manager > Biometric devices > ControlVault WBDI Driver > Driver version.
Check Version:
Get-WmiObject Win32_PnPSignedDriver | Where-Object {$_.DeviceName -like '*ControlVault*'} | Select-Object DeviceName, DriverVersion
Verify Fix Applied:
Verify driver version is 5.15.14.19 or higher for ControlVault3, or 6.2.36.47 or higher for ControlVault3 Plus.
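The version check above can be scripted so that the comparison is done numerically rather than by eye. This is an added example, not Dell's code or part of the original page: the fixed versions are the ones listed on this page, the function name `Test-ControlVaultDriver` is hypothetical, the sample rows are constructed, and mapping major version 5 to ControlVault3 and 6 to ControlVault3 Plus is an assumption.

```powershell
# Added example (not vendor code). Fixed versions are taken from this page.
# ASSUMPTION: the driver's major version identifies the product line
# (5.x = ControlVault3, 6.x = ControlVault3 Plus).
$FixedByMajor = @{
    5 = [version]'5.15.14.19'   # ControlVault3
    6 = [version]'6.2.36.47'    # ControlVault3 Plus
}

function Test-ControlVaultDriver {
    param([string]$DeviceName, [string]$DriverVersion)

    $parsed = $null
    $fixed  = $null
    if (-not [version]::TryParse($DriverVersion, [ref]$parsed)) {
        $status = 'UNKNOWN: version not parseable'
    } elseif (-not $FixedByMajor.ContainsKey($parsed.Major)) {
        $status = 'UNKNOWN: unrecognised product line'
    } else {
        $fixed  = $FixedByMajor[$parsed.Major]
        # [version] compares field by field, so 5.15.9.0 sorts below 5.15.14.19;
        # a plain string comparison would rank it above.
        $status = if ($parsed -ge $fixed) { 'PATCHED' } else { 'VULNERABLE: update required' }
    }
    [pscustomobject]@{
        DeviceName    = $DeviceName
        DriverVersion = $DriverVersion
        FixedVersion  = $fixed
        Status        = $status
    }
}

# Constructed sample rows (not real inventory data), one per outcome.
$samples = @(
    [pscustomobject]@{ DeviceName = 'Sample ControlVault A'; DriverVersion = '5.15.9.0' }
    [pscustomobject]@{ DeviceName = 'Sample ControlVault B'; DriverVersion = '5.15.14.19' }
    [pscustomobject]@{ DeviceName = 'Sample ControlVault C'; DriverVersion = '6.2.36.40' }
    [pscustomobject]@{ DeviceName = 'Sample ControlVault D'; DriverVersion = '' }
)
$samples | ForEach-Object { Test-ControlVaultDriver -DeviceName $_.DeviceName -DriverVersion $_.DriverVersion }

# Live check of the local machine (Windows only), same filter as the command above.
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceName -like '*ControlVault*' } |
        ForEach-Object { Test-ControlVaultDriver -DeviceName $_.DeviceName -DriverVersion $_.DriverVersion }
}
```

A host that returns no rows from the live check has no ControlVault driver enumerated; an `UNKNOWN` status should be resolved against the vendor advisory rather than treated as patched.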
📡 Detection & Monitoring
Log Indicators:
- Failed WinBioControlUnit API calls with ControlCode 4
- Unexpected process accessing biometric APIs
- Driver crash events
Network Indicators:
- Local API calls to biometric services
SIEM Query:
(EventID=1 OR EventID=1000) AND ProcessName contains 'winbio' AND CommandLine contains 'ControlUnit'