Millions of Dell Laptops Vulnerable to Persistent Backdoors

A critical security vulnerability has been discovered in millions of Dell laptops, which could allow attackers to gain persistent access even after a Windows reinstall. The issue affects 100+ Dell laptop models widely used in government settings and by the cybersecurity industry.

The vulnerability resides in the firmware for ControlVault3 and ControlVault3+, which are hardware security components that store passwords, biometric templates, and security codes. Researchers have identified several flaws, including out-of-bounds vulnerabilities, arbitrary free flaws, stack-overflow bugs, and unsafe-deserialization flaws.

Attackers with non-administrative access or physical access to the laptop can exploit these vulnerabilities to interact with the ControlVault firmware and leak key material that could enable a permanent backdoor. The vulnerability affects Dell laptops with Broadcom chips, including popular models such as the Dell Pro Max 14 MC14250 and Latitude 7020 2-in-1.

Dell has been releasing fixed drivers and firmware since March 2025 to address the issue. However, organizations may struggle to deploy these updates across large laptop fleets. Researchers recommend disabling the ControlVault (CV) services and/or the CV device when not in use, using Enhanced Sign-in Security, and enabling chassis intrusion detection.

The discovery highlights the importance of evaluating the security posture of all hardware components within devices, as systems-on-chip like ControlVault represent a new layer of risk. Endpoint detection tools may be able to flag unauthorized firmware updates or crashes in Windows Biometric Service logs.
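
One way to triage the crash signal mentioned above across a fleet, as an added example that is not from the article, Dell, or the researchers. It scans exported System log records for Service Control Manager events 7031 and 7034 (unexpected service termination) that name the Windows Biometric Service and flags hosts with repeated crashes. The record layout, host names, threshold, and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SCM_CRASH_IDS = {7031, 7034}  # SCM "service terminated unexpectedly" events
# Display names as they appear in the SCM message. Assumption: extend with the
# ControlVault service display names from your own fleet (not given on the page).
WATCHED = ("Windows Biometric Service",)
CRASH_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")

def crash_events(records, watched=WATCHED):
    """Yield (host, time, service) for SCM crash events of watched services."""
    for r in records:
        if r["provider"] != "Service Control Manager" or r["id"] not in SCM_CRASH_IDS:
            continue
        m = CRASH_RE.match(r["message"])
        if m and m.group("svc") in watched:
            yield r["host"], datetime.fromisoformat(r["time"]), m.group("svc")

def hosts_to_review(records, threshold=2, window=timedelta(hours=1)):
    """Return {host: sorted crash times} where `threshold` crashes fit in `window`."""
    by_host = defaultdict(list)
    for host, ts, _svc in crash_events(records):
        by_host[host].append(ts)
    flagged = {}
    for host, times in by_host.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[host] = times
                break
    return flagged

def _ev(host, time, eid, svc, provider="Service Control Manager"):
    msg = f"The {svc} service terminated unexpectedly. It has done this 1 time(s)."
    return {"host": host, "time": time, "provider": provider, "id": eid, "message": msg}

# Constructed sample records (not real telemetry), shaped like an exported System log.
SAMPLE = [
    _ev("LAT-001", "2025-08-06T09:00:00", 7031, "Windows Biometric Service"),
    _ev("LAT-001", "2025-08-06T09:20:00", 7034, "Windows Biometric Service"),
    _ev("LAT-002", "2025-08-06T10:00:00", 7034, "Windows Biometric Service"),
    _ev("LAT-003", "2025-08-06T11:00:00", 7031, "Print Spooler"),
    _ev("LAT-003", "2025-08-06T11:05:00", 7034, "Print Spooler"),
]

if __name__ == "__main__":
    for host, times in hosts_to_review(SAMPLE).items():
        print(host, [t.isoformat() for t in times])
```

A flagged host is a prompt to check its ControlVault driver and firmware version against Dell's fixed releases, not proof of exploitation.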

Source: https://www.helpnetsecurity.com/2025/08/05/dell-laptops-firmware-vulnerabilities-revault-attacks