CVE-2025-31361

HIGH

Dell ControlVault3 <5.15.14.19 & Dell ControlVault3 Plus <6.2.36.47...

Title source: llm
STIX 2.1

Description

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

References (3)

Scores

CVSS v3 8.7
EPSS 0.0002
EPSS Percentile 4.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-908
Status published
Products (3)
Broadcom/BCM5820X
Dell/ControlVault3 < 5.15.14.19
Dell/ControlVault3 Plus < 6.2.36.47
Published Nov 17, 2025
Tracked Since Feb 18, 2026