CVE-2025-24311 HIGH

CVE-2025-24311: Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability

Vendor: Broadcom
Product: BCM5820X
Weakness: CWE-125
Published: June 13, 2025
Last update: November 3, 2025

CVSS base score

8.4/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

What the vulnerability does

01 Description

An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability.

Key dates

02 Disclosure timeline

June 13, 2025: CVE published
November 3, 2025: Record updated