CVE-2025-36461 is a vulnerability classified under CWE-805 (Buffer Access with Incorrect Length Value) affecting the Broadcom BCM5820X component integrated into Dell ControlVault3 and ControlVault3 Plus devices. The flaw arises from improper handling of buffer sizes in the ControlVault WBDI Driver's Storage Adapter functionality. Specifically, when a specially crafted WinBioControlUnit API call is made with ControlCode 0 (WBIO_USH_GET_TEMPLATE) and invalid ReceiveBufferSize and/or SendBufferSize parameters, the driver performs out-of-bounds memory reads and writes. This memory corruption can lead to arbitrary code execution or system compromise. The vulnerability requires local privileges (AV:L), low attack complexity (AC:L), limited privileges (PR:L), and user interaction (UI:R). The CVSS 3.1 base score is 7.3, indicating high severity with potential high impact on confidentiality, integrity, and availability. Although no exploits are currently known in the wild, the vulnerability poses a significant risk to systems relying on biometric authentication via Dell ControlVault hardware. The affected versions are prior to 5.15.14.19 for ControlVault3 and prior to 6.2.36.47 for ControlVault3 Plus. The vulnerability was publicly disclosed in November 2025, with no patches linked yet, emphasizing the need for vigilance and mitigation.

For European organizations, this vulnerability threatens systems that utilize Dell ControlVault3 or ControlVault3 Plus devices incorporating the Broadcom BCM5820X chip, particularly those relying on biometric authentication for security. Successful exploitation can lead to memory corruption, enabling attackers to execute arbitrary code, escalate privileges, or cause denial of service. This compromises the confidentiality and integrity of sensitive biometric data and potentially the entire system. Sectors such as finance, government, healthcare, and critical infrastructure that deploy Dell hardware with biometric security are at heightened risk. The requirement for local access and user interaction limits remote exploitation but insider threats or malware with user privileges could exploit this vulnerability. The absence of known exploits currently provides a window for proactive mitigation. However, once exploited, the impact could be severe, including unauthorized access to protected systems and data breaches.

Organizations should immediately inventory their hardware to identify Dell ControlVault3 and ControlVault3 Plus devices with Broadcom BCM5820X components. Until official patches are released, restrict access to the WinBioControlUnit API and related biometric services to trusted users only. Implement strict endpoint security controls to prevent unauthorized local access and limit user interaction with vulnerable components. Monitor system logs for unusual WinBioControlUnit calls or abnormal behavior indicative of exploitation attempts. Employ application whitelisting and privilege restrictions to reduce the attack surface. Once Dell releases patches or firmware updates addressing this vulnerability, prioritize their deployment across all affected devices. Additionally, consider disabling biometric authentication temporarily if feasible and using alternative authentication methods to reduce exposure. Engage with Dell and Broadcom support channels for updates and guidance.