Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation...

8.7 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Description

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

AI Analysis

Privilege escalation vulnerability in ControlVault WBDI Driver via specially crafted WinBioControlUnit call

Basic Information

ID CVE-2025-31361

Source talos

Published Nov 17, 2025 at 22:54

Modified Nov 17, 2025 at 23:05

Affected Product

Vendor Broadcom

Product BCM5820X

Version NA

Affected Versions Broadcom BCM5820X NA
Dell ControlVault3 0
Dell ControlVault3 Plus 0

CWE Classification

CWE-908

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Dell

Product ControlVault3, ControlVault3 Plus

Version prior to 5.15.14.19, prior to 6.2.36.47

References

{
    "lastseen": "",
    "description": "A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.",
    "published": "2025-11-17T22:54:06.711Z",
    "modified": "2025-11-17T23:05:39.573Z",
    "type": "cve",
    "title": "Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability",
    "source": "talos",
    "references": "https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2025-2174",
    "id": "CVE-2025-31361",
    "bulletinFamily": "",
    "cwe": [
        "CWE-908"
    ],
    "cvelist": null,
    "sourceData": "Broadcom BCM5820X NA\nDell ControlVault3 0\nDell ControlVault3 Plus 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BCM5820X",
    "version": "NA",
    "vendor": "Broadcom",
    "ai_description": "Privilege escalation vulnerability in ControlVault WBDI Driver via specially crafted WinBioControlUnit call",
    "ai_severity": "High",
    "ai_vendor": "Dell",
    "ai_product": "ControlVault3, ControlVault3 Plus",
    "ai_version": "prior to 5.15.14.19, prior to 6.2.36.47",
    "ai_score": 8.7
}

Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability_CVE-2025-31361