CVE-2025-36553 HIGH

CVE-2025-36553: Dell ControlVault3 CvManager buffer overflow vulnerability

Vendor Broadcom
Product BCM5820X
Weakness CWE-120
Published November 17, 2025
Last update February 26, 2026

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability.

Key dates

02Disclosure timeline

November 17, 2025 CVE published
February 26, 2026 Record updated