Stratos Ally

Dell Laptops Face Critical Bugs Enabling Biometric Bypass

StratosAlly

A set of serious vulnerabilities has been found in the ControlVault3 firmware that powers Dell’s security chip. The flaws, dubbed ReVault, affect over 100 models in the Dell Latitude and Precision lines, which are widely deployed in government, cybersecurity, and other sensitive sectors where features like fingerprint, smartcard, and NFC authentication are standard.

Researchers at Cisco Talos have disclosed five high-impact vulnerabilities tied to the Broadcom BCM5820X chip, the hardware responsible for handling the most sensitive functions of Dell laptops, including fingerprint matching, password, and smartcard management. This chip sits at the heart of Dell’s Unified Security Hub (USH), which links the system to hardware security components such as NFC readers and biometric scanners. 

Talos uncovered five distinct security flaws affecting Dell’s ControlVault 3 and ControlVault 3+ platforms, tracked as CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922, and CVE-2025-24919, all classified as high severity (CVSS >8.0). They include out-of-bounds read and write (information disclosure and code execution), arbitrary memory free, stack-based buffer overflow, and unsafe deserialization. Together, they could allow an attacker to leak data, access protected information, overwrite or manipulate system memory, escalate privileges, or execute unauthorized code at the firmware level. In the worst-case scenario, attackers could quietly install persistent implants inside the firmware itself. These implants would survive even a full Windows reinstall, since they operate below the operating system level, where antivirus software has no visibility.

The threat is both remote and physical. Researchers showed how a standard, non-administrative user account could access vulnerable Windows APIs to gain firmware-level access and trigger firmware-level changes, potentially leading to theft of cryptographic keys and the installation of persistent malware undetectable by antivirus or OS-level tools. Separately, an attacker with brief physical access can connect to the Unified Security Hub via USB, bypassing credentials and disk encryption to directly alter the firmware. Researchers demonstrated that tampered firmware could falsely authenticate any fingerprint, including non-human items: a spring onion was used to unlock a device, highlighting how an attacker could disable biometric security entirely.

Dell began releasing firmware patches in March 2025, in collaboration with Broadcom, to address the flaws in ControlVault 3. Systems running versions below 5.15.10.14 (ControlVault3) and 6.2.26.36 (ControlVault3+) remain vulnerable. Dell notified customers on June 13, 2025, with updates available via Windows Update and the Dell support platform. In enterprise environments with custom update policies, administrators should verify and manually install these critical patches.
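
One way to run that verification across a fleet, as an added example that is not from the article, Dell, or Talos: it checks firmware versions in an inventory export against the two thresholds above. The CSV layout (hostname, product, firmware), the `CV3`/`CV3+` shorthand, and every sample row are assumptions constructed for illustration.

```python
import csv
import io

# Minimum fixed firmware versions, as stated in the article.
FIXED = {
    "controlvault3": (5, 15, 10, 14),
    "controlvault3+": (6, 2, 26, 36),
}
# Assumed shorthand spellings that may appear in an inventory export.
ALIASES = {"cv3": "controlvault3", "cv3+": "controlvault3+"}

def normalize_product(name):
    """Fold case and spaces so 'ControlVault 3+' matches 'ControlVault3+'."""
    key = name.lower().replace(" ", "")
    return ALIASES.get(key, key)

def parse_version(text):
    """Return a 4-tuple of ints for a dotted version, or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return 'patched', 'vulnerable', or 'review' (unknown product/version)."""
    fixed = FIXED.get(normalize_product(product))
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return "review"
    # Compare numerically per field: as strings, "5.9" would sort above "5.15".
    return "vulnerable" if parsed < fixed else "patched"

def triage(inventory_csv):
    """Map hostname -> status for each row of the inventory export."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["product"], r["firmware"]) for r in reader}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """hostname,product,firmware
lat-001,ControlVault3,5.15.10.14
lat-002,ControlVault3,5.9.30.2
prec-003,ControlVault3+,6.2.26.36
prec-004,ControlVault 3+,6.2.9.100
lat-005,CV3,5.14.3.11
lat-006,ControlVault3,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows marked `review` have a product name or version string the script cannot interpret and need a manual check rather than being assumed patched.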

Cisco Talos warns that firmware threats, like ReVault, can create lasting backdoors, urging organizations to treat hardware as part of the overall security surface, not just the software stack.
