CVE-2025-31361 HIGH

CVE-2025-31361: Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability

Vendor Broadcom
Product BCM5820X
Weakness CWE-908
Published November 17, 2025
Last update February 26, 2026

CVSS base score

8.7/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
February 26, 2026 Record updated