Particle.news
Download on the App Store
13 ARTICLES
·
2w ago

Dell Patches ReVault Firmware Flaws Following Cisco Talos Disclosure

Prompt deployment of Dell’s patches prevents persistent implants or biometric bypass on enterprise laptops.

Image
Dell
A Dell laptop is seen for sale in a store in Manhattan, New York City, U.S., November 24, 2021. REUTERS/Andrew Kelly/File Photo
Image

Overview

  • Cisco Talos has publicly disclosed five ReVault vulnerabilities in Dell’s Broadcom BCM5820X-based ControlVault3 firmware and its Windows APIs, exposing a new hardware attack surface.
  • The flaws, tracked as CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922 and CVE-2025-24919, affect over 100 Latitude and Precision models used in government, enterprise and cybersecurity settings.
  • Dell released firmware and driver updates between March and June and published security advisory DSA-2025-053, reporting no evidence of exploitation in the wild.
  • A Black Hat Las Vegas briefing on August 6 will outline attack scenarios, including a demonstration of biometric spoofing using a vegetable to bypass fingerprint authentication.
  • Organizations are urged to deploy available updates, disable unused ControlVault peripherals, enable BIOS chassis-intrusion detection and activate Windows Enhanced Sign-in Security to mitigate remaining risks.