Vulnerability Description
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2025-2175
- https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
FAQ
What is CVE-2025-36463?
CVE-2025-36463 is a vulnerability with a CVSS score of 7.3 (HIGH). Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus...
How severe is CVE-2025-36463?
CVE-2025-36463 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-36463?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.