
‘Critical’ firmware-level vulnerabilities found in laptops commonly used by security specialists

Security researchers on Tuesday detailed a series of vulnerabilities that could allow hackers to steal sensitive data from devices using Broadcom’s ControlVault, a special chip widely used in security-focused Dell laptops.

ControlVault is a system-on-chip (SoC), effectively a tiny computer in itself that is dedicated to security and isolated from the normally modifiable parts of the device. As its name suggests, it is intended to be a kind of vault for sensitive data; Dell describes it as “a secure bank that stores your passwords, biometric templates, and security codes.”

According to the research published Tuesday by Cisco Talos, it is possible for an attacker to break into the ControlVault chip and modify the firmware inside, allowing them to steal credentials from the “bank” and to plant malware inside it at a level that remains hidden from anti-virus tools running at the operating system level.

A spokesperson for Dell said the company notified customers in June about the "critical" impact of the vulnerability. They added that it has worked with its firmware provider to address the issues and provide firmware updates since March of this year.

The issues affect more than 100 different models of Dell laptops that are “widely used in the cybersecurity industry, government settings and challenging environments in their Rugged version,” according to the researchers – particularly those in Dell’s Latitude and Precision series.

The researchers detailed the five vulnerabilities that contribute to the so-called ReVault issue. CVE-2025-24919 is the core bug: it leaves ControlVault insecurely exposed to users, so the attack is possible remotely, using existing Windows APIs and without administrator-level access to the target machine.

CVE-2025-24311, an out-of-bounds read bug, means the system can leak sensitive material meant to be kept inside the ControlVault, while its partner, CVE-2025-25050, is an out-of-bounds write bug allowing the attacker to write material inside ControlVault when they shouldn’t be able to.

CVE-2025-24922 is a stack buffer overflow allowing an attacker to execute their own code inside of the ControlVault, while CVE-2025-25215 is an arbitrary free vulnerability allowing attackers to erase memory and hide malware inside of the chip.

There is no evidence that the vulnerabilities have been exploited in the wild, wrote Cisco’s senior researcher Philippe Laulheret, who discovered the flaw and is set to present it at the Black Hat conference this week.

However, the vulnerability will concern sensitive industries that have additional enterprise security requirements for users to log in to their devices, for instance using fingerprint login or requiring a smart card or an NFC token, as devices that support those security features need a ControlVault chip to work.

Broadcom did not immediately respond to a request for comment.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.