CVE-2025-32089 | THREATINT

Description

A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability.

PUBLISHED Reserved 2025-04-29 | Published 2025-11-17 | Updated 2025-11-19 | Assigner talos

HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status

unaffected

NA

affected

Default status

unaffected

Any version before 5.15.14.19

affected

Default status

unaffected

Any version before 6.2.36.47

affected

Credits

Discovered by Philippe Laulheret of Cisco Talos. finder

References

www.talosintelligence.com/...ability_reports/TALOS-2025-2188

www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228

talosintelligence.com/vulnerability_reports/TALOS-2025-2188

cve.org (CVE-2025-32089)

nvd.nist.gov (CVE-2025-32089)

Download JSON

help @ threatint.eu