CVE-2025-36461 is a buffer access vulnerability classified under CWE-805, affecting the Broadcom BCM5820X component integrated into Dell ControlVault3 and ControlVault3 Plus devices. The flaw arises from improper handling of buffer length parameters in the ControlVault WBDI Driver's Storage Adapter functionality. Specifically, when a WinBioControlUnit API call is made with ControlCode 0 (WBIO_USH_GET_TEMPLATE) and invalid ReceiveBufferSize and/or SendBufferSize values, the driver performs out-of-bounds reads and writes. This memory corruption can lead to arbitrary code execution or system crashes. The vulnerability requires local privileges with low complexity and user interaction to trigger, as an attacker must issue a crafted API call. The CVSS v3.1 score is 7.3 (high), reflecting high impact on confidentiality, integrity, and availability. The affected Dell ControlVault3 firmware versions are prior to 5.15.14.19 and ControlVault3 Plus prior to 6.2.36.47. No public exploits or patches are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The vulnerability could be exploited to bypass security controls implemented by ControlVault modules, which are often used for secure authentication and cryptographic operations in enterprise environments.

The vulnerability allows an attacker with local access and limited privileges to corrupt memory within the ControlVault driver, potentially leading to privilege escalation, unauthorized access to sensitive biometric or cryptographic data, or denial of service via system crashes. Since ControlVault modules are used to secure authentication and cryptographic keys, exploitation could undermine the security of enterprise authentication mechanisms, exposing organizations to credential theft or unauthorized system access. The high impact on confidentiality, integrity, and availability means critical systems relying on Dell ControlVault hardware could be compromised, affecting data protection and operational continuity. The requirement for local access limits remote exploitation but insider threats or malware with user-level privileges could leverage this flaw. The absence of known exploits reduces immediate risk but also means organizations should act proactively to prevent future attacks.

Organizations should monitor Dell and Broadcom advisories for official patches addressing this vulnerability and apply them promptly once released. Until patches are available, restrict access to the vulnerable WinBioControlUnit API by limiting user permissions and employing application whitelisting to prevent unauthorized API calls. Implement strict endpoint security controls to detect and block suspicious local activity involving biometric or ControlVault drivers. Conduct regular audits of user privileges and monitor logs for abnormal usage of ControlVault-related APIs. Employ defense-in-depth strategies such as endpoint detection and response (EDR) solutions to identify exploitation attempts. Additionally, consider isolating systems with ControlVault hardware from untrusted users and networks to reduce exposure. Coordinate with Dell support for guidance on interim mitigations and firmware updates.