Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-31361

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-17 Nov, 2025 | 22:54
Updated At-01 Dec, 2025 | 22:36
Rejected At-
Credits

Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:17 Nov, 2025 | 22:54
Updated At:01 Dec, 2025 | 22:36
Rejected At:
▼CVE Numbering Authority (CNA)
Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

Affected Products
Vendor
Broadcom Inc.Broadcom
Product
BCM5820X
Default Status
unaffected
Versions
Affected
  • NA
Vendor
Dell Inc.Dell
Product
ControlVault3
Default Status
unaffected
Versions
Affected
  • From 0 before 5.15.14.19 (semver)
Vendor
Dell Inc.Dell
Product
ControlVault3 Plus
Default Status
unaffected
Versions
Affected
  • From 0 before 6.2.36.47 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-908CWE-908 Use of Uninitialized Resource
Type: CWE
CWE ID: CWE-908
Description: CWE-908 Use of Uninitialized Resource
Metrics
VersionBase scoreBase severityVector
3.18.7HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Discovered by Philippe Laulheret of Cisco Talos.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
N/A
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2174
N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
Resource: N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2174
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2174
N/A
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2174
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:17 Nov, 2025 | 23:15
Updated At:18 Nov, 2025 | 14:06

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.7HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Type: Primary
Version: 3.1
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-908Primarytalos-cna@cisco.com
CWE ID: CWE-908
Type: Primary
Source: talos-cna@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2174talos-cna@cisco.com
N/A
https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228talos-cna@cisco.com
N/A
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2174af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2174
Source: talos-cna@cisco.com
Resource: N/A
Hyperlink: https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228
Source: talos-cna@cisco.com
Resource: N/A
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2174
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2025-31649
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.7||HIGH
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 22:55
Updated-01 Dec, 2025 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call to trigger this vulnerability.

Action-Not Available
Vendor-Broadcom Inc.Dell Inc.
Product-BCM5820XControlVault3 PlusControlVault3
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-36282
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-2.5||LOW
EPSS-0.05% / 16.78%
||
7 Day CHG~0.00%
Published-16 Aug, 2021 | 22:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-34390
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.14%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-12 May, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_area-51_r4_firmwarealienware_area-51_r5_firmwarealienware_area-51_r5alienware_area-51_r4CPG BIOS
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
Details not found