CVE-2025-24922: CWE-121 - Stack-based Buffer Overflow in Broadcom BCM5820X
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
AI Analysis
Technical Summary
CVE-2025-24922 is a stack-based buffer overflow (CWE-121) in the securebio_identify functionality of the Dell ControlVault3 and ControlVault3 Plus firmware that runs on the Broadcom BCM5820X. The firmware parses a cv_object handed to it through the ControlVault API; a specially crafted cv_object makes a copy into a fixed-size stack buffer exceed that buffer, corrupting adjacent stack memory (saved registers, return address) and allowing arbitrary code execution inside the firmware. The attacker needs only local access with low privileges and the ability to issue the API call that reaches the vulnerable code path; no user interaction is required. Affected versions are ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36, so those two versions are the fixed releases. The CVSS v3.1 base score is 8.8 (High) with vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H; the scope change reflects that code running on the host exploits, and takes control of, a separate security component. The advisory (assigner: talos) is published; no public exploit is noted at the time of this analysis. Because the BCM5820X-based ControlVault module is used for hardware-backed authentication, code execution within it defeats the guarantee that the host cannot tamper with the credentials and cryptographic material the module protects.
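The following is an added illustration of the CWE-121 pattern the summary describes, not code from the ControlVault3 firmware or from Dell or Talos. The cv_object wire layout (a 2-byte little-endian payload length followed by the payload), the 64-byte template buffer, and every function name are assumptions made for the example. It places the vulnerable handler beside a hardened one and shows that two separate checks are needed: the declared length against the bytes actually received (over-read) and against the destination capacity (over-write).

```c
/*
 * Added illustration of CWE-121 in a length-prefixed object handler.
 * Not Dell ControlVault3 / Broadcom BCM5820X firmware code: the cv_object
 * layout, TEMPLATE_MAX and all names below are assumed for the example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TEMPLATE_MAX 64              /* assumed fixed-size stack buffer */

typedef struct {
    const uint8_t *data;             /* raw object bytes received from the host */
    size_t len;                      /* number of bytes actually received */
} cv_object;

/* Little-endian 16-bit read that makes no alignment assumptions. */
static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/*
 * Vulnerable pattern: the attacker-controlled length field is trusted.
 * A declared length above TEMPLATE_MAX makes memcpy write past 'tmpl' on the
 * stack, over saved registers and the return address (CWE-121); a declared
 * length above the bytes received also reads past the object (CWE-125).
 * Only ever call this with well-formed input; it exists to show the defect.
 */
int securebio_identify_vulnerable(const cv_object *obj)
{
    uint8_t tmpl[TEMPLATE_MAX];
    if (obj->len < 2)
        return -1;
    uint16_t payload_len = rd16le(obj->data);
    memcpy(tmpl, obj->data + 2, payload_len);       /* unbounded copy */
    return (int)payload_len;                         /* matching would follow */
}

/*
 * Hardened form: check the declared length against BOTH the bytes actually
 * received (no over-read of the source) and the destination capacity (no
 * over-write of the stack) before copying anything.
 * Returns the payload length on success, -1 on malformed input.
 */
int securebio_identify_hardened(const cv_object *obj)
{
    uint8_t tmpl[TEMPLATE_MAX];
    if (obj == NULL || obj->data == NULL || obj->len < 2)
        return -1;
    uint16_t payload_len = rd16le(obj->data);
    if (payload_len > obj->len - 2)                  /* declared > received */
        return -1;
    if (payload_len > sizeof tmpl)                   /* declared > capacity */
        return -1;
    memcpy(tmpl, obj->data + 2, payload_len);
    return (int)payload_len;
}

/*
 * Constructed input: writes an object with 'declared' in the length field and
 * 'actual' payload bytes of 0x41 into out. Returns total bytes, 0 if out is
 * too small.
 */
size_t build_cv_object(uint8_t *out, size_t out_cap, uint16_t declared, size_t actual)
{
    if (out_cap < 2 + actual)
        return 0;
    out[0] = (uint8_t)(declared & 0xff);
    out[1] = (uint8_t)(declared >> 8);
    memset(out + 2, 0x41, actual);
    return 2 + actual;
}

/* Run one constructed object through the hardened handler. */
int hardened_case(uint16_t declared, size_t actual)
{
    uint8_t raw[512];
    cv_object obj = { raw, build_cv_object(raw, sizeof raw, declared, actual) };
    return securebio_identify_hardened(&obj);
}

/* Run one constructed object through the vulnerable handler, but refuse
   anything that would smash our own stack. */
int vulnerable_case_benign(uint16_t declared, size_t actual)
{
    uint8_t raw[512];
    cv_object obj = { raw, build_cv_object(raw, sizeof raw, declared, actual) };
    if (declared > TEMPLATE_MAX || declared > actual)
        return -2;
    return securebio_identify_vulnerable(&obj);
}

int main(void)
{
    printf("benign 32/32:     vulnerable=%d hardened=%d\n",
           vulnerable_case_benign(32, 32), hardened_case(32, 32));
    printf("boundary 64/64:   hardened=%d\n", hardened_case(64, 64));
    printf("oversize 200/200: hardened=%d (vulnerable path would smash the stack)\n",
           hardened_case(200, 200));
    printf("truncated 40/8:   hardened=%d (vulnerable path would over-read)\n",
           hardened_case(40, 8));
    return 0;
}
```

The oversize case is never fed to the vulnerable handler because the result would be undefined behaviour in the example program itself; the hardened handler rejects it before any copy, which is the only safe place for that decision.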
Potential Impact
An attacker with limited local privileges can execute arbitrary code inside the ControlVault3 firmware, that is, within the environment meant to hold and process authentication secrets out of reach of the host. From that position the attacker can read or alter the credentials the module protects, tamper with the authentication decisions it returns to the host, and disrupt its availability. This is what the scope change in the CVSS vector captures: a flaw in the module is reached from a less-privileged host context, and the consequences fall on the security boundary the module is supposed to enforce, not merely on the calling process. Organizations that rely on BCM5820X-based ControlVault3 modules in laptops, servers, or embedded systems therefore face credential exposure, loss of integrity in their authentication processes, and a foothold for lateral movement with stolen credentials. Because the attack vector is local, the likely exploiter is malware or a user already running code on the host; the vulnerability turns that foothold into control of the security module. The absence of a known in-the-wild exploit limits immediate risk but not the urgency: attack complexity is low and no user interaction is required.
Mitigation Recommendations
Update affected systems to the fixed firmware: ControlVault3 5.15.10.14 or later and ControlVault3 Plus 6.2.26.36 or later, following Dell's firmware update guidance. Because the attack vector is local with low privileges required, the priority until the update is applied is limiting who can run code on the affected hosts: restrict local and remote-interactive logon to trusted personnel and reduce the number of accounts that can reach the ControlVault API. Calls into the securebio_identify path are not something generic monitoring observes directly, so rely on endpoint detection and response (EDR) for the surrounding behaviour, such as unexpected processes interacting with the ControlVault driver or with fingerprint and smart-card authentication services, and crashes or resets of the module. Inventory which devices carry a Broadcom BCM5820X-based ControlVault3 module and record their firmware versions so that remediation can be prioritised. Network segmentation does not block a local attack but does limit what can be reached from a host whose security module has been subverted. Review physical security controls, since local access includes anyone who can sit at the machine. Finally, prepare incident response procedures for a compromised hardware security module, including rotation or re-enrolment of credentials it protected, so that containment and recovery are not improvised.
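An added triage helper for the inventory step above, not Dell tooling: given a product name and the firmware version reported for a host, it decides whether that host is below the fixed version named in the advisory. How the version string is obtained from a host is outside the example; it is passed in as text. The point worth seeing is that dotted versions must be compared numerically, component by component, since a plain string comparison ranks 5.9.0.0 above 5.15.10.14 and would mark a vulnerable host as fixed. The inventory lines in main are constructed sample data.

```c
/*
 * Added triage helper: is a reported ControlVault3 firmware version below the
 * fixed version from the advisory? Not Dell tooling; product names and the
 * inventory lines below are assumptions for the example.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NCOMP 4

/* Fixed versions from the advisory text. */
static const char *CV3_FIXED      = "5.15.10.14";
static const char *CV3_PLUS_FIXED = "6.2.26.36";

/*
 * Parse a dotted version of up to NCOMP numeric components into out; missing
 * trailing components are 0. Returns 1 on success, 0 on malformed input
 * (empty, non-digit, empty component, trailing dot, too many components).
 */
static int parse_version(const char *s, unsigned long out[NCOMP])
{
    int i;
    for (i = 0; i < NCOMP; i++)
        out[i] = 0;
    i = 0;
    const char *p = s;
    while (*p) {
        if (i >= NCOMP || *p < '0' || *p > '9')
            return 0;
        char *end;
        out[i++] = strtoul(p, &end, 10);
        p = end;
        if (*p == '.') {
            p++;
            if (*p == '\0')
                return 0;
        } else if (*p != '\0') {
            return 0;
        }
    }
    return i > 0;
}

/*
 * Numeric, component-wise comparison: -1, 0, 1 like strcmp's sign.
 * Returns 2 if either string is malformed. strcmp itself is wrong here:
 * it ranks "5.9.0.0" above "5.15.10.14" because '9' > '1'.
 */
int version_cmp(const char *a, const char *b)
{
    unsigned long va[NCOMP], vb[NCOMP];
    if (!parse_version(a, va) || !parse_version(b, vb))
        return 2;
    for (int i = 0; i < NCOMP; i++) {
        if (va[i] < vb[i]) return -1;
        if (va[i] > vb[i]) return 1;
    }
    return 0;
}

/*
 * 1 = affected (below the fixed version), 0 = fixed version or later,
 * -1 = unknown product or unparsable version (flag for manual review rather
 * than silently treating it as fixed).
 */
int cv3_is_affected(const char *product, const char *version)
{
    const char *fixed;
    if (strcmp(product, "ControlVault3") == 0)
        fixed = CV3_FIXED;
    else if (strcmp(product, "ControlVault3 Plus") == 0)
        fixed = CV3_PLUS_FIXED;
    else
        return -1;
    int c = version_cmp(version, fixed);
    if (c == 2)
        return -1;
    return c < 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed inventory: host, product, reported firmware version. */
    static const char *inventory[][3] = {
        { "lt-0123", "ControlVault3",      "5.15.10.13" },
        { "lt-0124", "ControlVault3",      "5.9.0.0"    },
        { "lt-0125", "ControlVault3",      "5.15.10.14" },
        { "lt-0200", "ControlVault3 Plus", "6.2.26.35"  },
        { "lt-0201", "ControlVault3 Plus", "6.10.0.0"   },
        { "lt-0202", "ControlVault3 Plus", "6.2.x"      },
    };
    for (size_t i = 0; i < sizeof inventory / sizeof inventory[0]; i++) {
        int r = cv3_is_affected(inventory[i][1], inventory[i][2]);
        printf("%s %-18s %-11s %s\n", inventory[i][0], inventory[i][1],
               inventory[i][2], r == 1 ? "AFFECTED" : r == 0 ? "fixed" : "REVIEW");
    }
    return 0;
}
```

Unparsable versions and unknown product names are returned as -1 rather than 0 so that a reporting gap shows up as "REVIEW" in the inventory instead of disappearing into the fixed bucket.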
Affected Countries
United States, Germany, United Kingdom, Japan, South Korea, China, India, France, Canada, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: talos
- Date Reserved: 2025-02-06T16:31:08.480Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 684c925aa8c921274380f115
Added to database: 6/13/2025, 9:04:26 PM
Last enriched: 2/27/2026, 1:08:57 AM
Last updated: 3/25/2026, 4:24:32 AM