Risky business: Dell's Latitude and Precision business PCs are widely used by enterprise organizations and professional users. Recently discovered security vulnerabilities in these systems could be exploited to compromise highly sensitive data. Dell is now notifying customers about available remediations, and thankfully so far, no in-the-wild attacks targeting these specific vulnerabilities have been observed.

Security researchers at Cisco Talos have uncovered "ReVault," a newly identified threat affecting a vast number of Dell enterprise PCs. The attack chain consists of five distinct vulnerabilities found within a hardware-based feature powered by Broadcom's BCM5820X chip series. When combined, the flaws can enable attackers to establish a persistent presence that survives even a full Windows reinstallation.

The five vulnerabilities are tracked as CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922, and CVE-2025-24919. At the core of the problem lies not only the Broadcom chip itself but also a firmware-level security module known as ControlVault3. According to Dell, ControlVault provides a hardware-based secure enclave for storing sensitive information such as passwords and biometric data.

Over 100 Dell laptop models are believed to be affected, with the ControlVault system physically embedded via a daughterboard connected to the system's motherboard firmware. The vulnerabilities primarily impact business-class Latitude and Precision devices – systems widely used in enterprise IT, government organizations, and rugged environments where cybersecurity is critical.

Researchers warn that the five vulnerabilities could have a major impact on affected devices. If exploited, they could enable attackers to establish persistent access even after a system has been compromised, potentially facilitate physical attacks in local environments, and more. Dell grouped the five flaws under a single security bulletin (DSA-2025-053), classifying the issue as critical and releasing updated drivers and firmware to mitigate the risk.

The company said customers were notified of the remediation availability in June, but that it's been working with the firmware vendor in the months prior to address the flaws under its Vulnerability Response Policy. Cisco Talos researchers confirmed that the vulnerable Broadcom chip is used exclusively in Dell laptops. So far, no in-the-wild attacks targeting these specific vulnerabilities have been observed.

The researchers emphasized that ReVault underscores the need to thoroughly vet all components when evaluating a device's security, not just the operating system and software. Flaws in widely used firmware like Dell's ControlVault can have serious consequences for organizations, even those relying on biometric-based authentication.

Correction (Aug 8): An earlier version of this story stated that Dell notified customers of the ReVault vulnerabilities in June and then worked with the firmware vendor to address the flaws. Dell has contacted us to clarify that they have been in collaboration with the researcher and firmware vendor on the fixes in the months prior, and notified customers in June about the availability of the remediation. We regret the error and have updated the article accordingly. An official statement from Dell follows below:

Our vulnerability response program provides customers with timely information, guidance and mitigation options to address vulnerabilities in our products. On June 13, we notified customers about available updates to remediate vulnerabilities reported in the Dell ControlVault3 driver and firmware that impacts certain business PCs. Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy.

Customers can review the Dell Security Advisory DSA-2025-053 for information on affected products, versions, and more. As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure.

Collaborating with industry partners and the research community on coordinated disclosures is a key part of strengthening the security of our products and advancing the broader technology industry.