Millions of Dell laptops may be vulnerable to persistent backdoor attacks through ReVault exploits.

A set of firmware vulnerabilities affecting over 100 Dell laptop models, commonly utilised in government settings and the cybersecurity industry, has been identified by Cisco Talos researchers. These vulnerabilities could enable attackers to gain persistent access to systems, even after Windows reinstalls. The flaws primarily reside in the firmware for ControlVault3 and ControlVault3+, which are critical hardware security components responsible for storing passwords, biometric templates, and security codes. The vulnerabilities include two out-of-bounds issues (CVE-2025-24311, CVE-2025-25050), an arbitrary free flaw (CVE-2025-25215), a stack overflow bug (CVE-2025-24922), and an unsafe deserialization flaw (CVE-2025-24919).

Researchers noted that these vulnerabilities could be exploited through so-called ReVault attacks. Attackers with non-administrative access to a vulnerable laptop could interact with the ControlVault firmware, potentially leaking key material that allows for permanent firmware modification, effectively creating a backdoor. Additionally, attackers with physical access could open the device and exploit the vulnerabilities without needing to log in or know the full-disk encryption password. This scenario could also allow tampering with the firmware to accept any fingerprint if the system is configured for fingerprint unlocking. Technical details have been privately reported to Dell and Broadcom, and users are urged to update their firmware to mitigate these risks. 
