Critical Security Flaw Found And Fixed In Millions Of Dell PCs, Update ASAP
The first two identified vulnerabilities are out-of-bounds read and write flaws, impacting the ControlVault (CV) firmware. These flaws are tracked as CVE-2025-24311 and CVE-2025-25050. A successful exploit of either of these flaws can enable attackers to access and even write data to memory.
Another vulnerability is tracked as CVE-2025-25215, and it also impacts the CV firmware. When exploited, malicious actors can manipulate memory on Dell PC systems for any purpose.
Two additional vulnerabilities uncovered are tracked as CVE-2025-24922 and CVE-2025-24919. Both of them impact the CV firmware as well. The first can enable attackers to use a malicious program to add data that exceeds what is allocated to a stack-allocated buffer. The latter, however, is an "Unsafe-deserialization" vulnerability, which could allow attackers to execute arbitrary code.

Since all five vulnerabilities impact the ControlVault firmware on Dell systems, users should update their devices by installing the latest firmware from Dell's website. To do this, head over to Dell's support page and in the "Identify your product" text field, type your "Dell Service Tag, Dell EMC Product ID, or Model" and click the Search button. Find the update for your system on the subsequent page and then follow the onscreen instructions to complete the process. Alternatively, Windows users may be able to get the update via Windows Update.