Over 100 Dell Laptop Models Plagued by Vulnerabilities Impacting Millions – Source: hackread.com

Source: hackread.com – Author: Deeba Ahmed.

Cybersecurity giant Cisco has found serious security vulnerabilities in more than 100 Dell laptop models, putting tens of millions of devices at risk worldwide. This was revealed in a report shared by Cisco with Hackread.com, warning that the flaws could let attackers take full control of a device, steal passwords and access sensitive data, including fingerprint information.

The vulnerabilities, which Cisco’s Talos team has named ReVault, affect a hardware component called Dell ControlVault. Five vulnerabilities were found, and they have been assigned the following CVEs:

  • CVE-2025-24311
  • CVE-2025-25050
  • CVE-2025-25215
  • CVE-2025-24922
  • CVE-2025-24919

Dell ControlVault is a security chip designed to securely store passwords and biometric data. However, the flaws could allow attackers to bypass Windows login, gain persistent access to a device, or even tamper with the device so that it accepts any fingerprint.

This could be especially troubling for government and business users, considering that these vulnerabilities are found in many business-focused models, including Dell’s Latitude and Precision series, which are common in government and corporate settings.

The report details two main ways attackers could take advantage of these flaws. The first is a way to gain permanent access to a laptop. Even if a user completely reinstalls their operating system, a malicious program could hide in the ControlVault chip itself, making it a persistent threat.

The second is a physical attack. A person with access to the laptop could open it up and directly tamper with the chip, giving them the ability to bypass the login screen or even fool the fingerprint reader into accepting any fingerprint.

Cisco Talos recommends that all affected Dell laptop owners install the latest firmware updates immediately and consider disabling the ControlVault services if they don’t use features like the fingerprint or smart card reader.

Dell’s Statement

In a statement to Hackread.com, Dell confirmed that it had promptly addressed the reported vulnerabilities in the ControlVault3 driver and firmware, which affect certain business laptops. The company said it worked with its firmware provider to resolve the issues and notified customers on June 13 with available updates.

Dell emphasised the importance of applying security updates and using supported product versions to maintain system security. It also pointed to Security Advisory DSA-2025-053 for details on affected models and mitigation steps. Dell added that coordinated disclosure with researchers and industry partners remains a core part of its approach to product security.

“Our vulnerability response program provides customers with timely information, guidance and mitigation options to address vulnerabilities in our products. On June 13, we notified customers about available updates to remediate vulnerabilities reported in the Dell ControlVault3 driver and firmware that impacts certain business PCs. Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy.

Customers can review the Dell Security Advisory DSA-2025-053 for information on affected products, versions, and more. As always, it is important that customers promptly apply security updates that we make available and move to supported versions of our products to ensure their systems remain secure.

Collaborating with industry partners and the research community on coordinated disclosures is a key part of strengthening the security of our products and advancing the broader technology industry.”

A Dell Spokesperson

In a separate development, Cisco has also teamed up with Hugging Face, a major hub for AI models, to address the growing risk of malware and vulnerabilities within the AI supply chain, which includes millions of models available to developers.

As part of the partnership, a special version of Cisco’s malware scanner, ClamAV, will now automatically scan every public file uploaded to the Hugging Face platform. Cisco notes that this new anti-malware capability for AI models is being made available to the public for free. These findings highlight a broader message from Cisco about the importance of security at every level, from a laptop’s hardware to the digital files powering AI.

Original Post url: https://hackread.com/dell-laptop-models-vulnerabilities-impacting-millions/

Category & Tags: Security, AI, ControlVault, Cybersecurity, Dell, Hugging Face, ReVault, Vulnerability
