ReVault Vulnerabilities Bypass Windows Login on Dell Laptops

Firmware flaws in Dell ControlVault3 affect more than 100 Dell laptop models, enabling attackers to bypass Windows Login and install malware that can survive even after an operating system reinstall.

What is Dell ControlVault?

Dell ControlVault is a hardware-based security solution that stores passwords, biometric data, and security codes in firmware on a dedicated add-on board called the Unified Security Hub (USH).

Cisco Talos Uncovers Five “ReVault” Flaws

Researchers at Cisco Talos discovered five vulnerabilities in ControlVault3—collectively dubbed ReVault. These affect both the firmware and the Windows API interfaces in Dell’s Latitude and Precision business laptops, which are widely used in IT, government, and industrial sectors where smart cards, fingerprints, and NFC authentication are common.

List of ReVault Vulnerabilities:

• CVE-2025-24311, CVE-2025-25050 – Out-of-bounds write issues
• CVE-2025-25215 – Arbitrary free vulnerability
• CVE-2025-24922 – Stack overflow bug
• CVE-2025-24919 – Insecure deserialization in ControlVault’s Windows APIs

Exploitation Risks

• Firmware-level arbitrary code execution – Enables persistent malware implants that survive OS reinstalls.
• Physical access attacks – Allows bypassing Windows Login or escalating local privileges to admin.
• Fingerprint authentication bypass – Forces the system to accept any fingerprint, legitimate or not.

How ReVault is Exploited

Attackers with physical access and a USB connection to the USH board can directly interact with ControlVault3—no login credentials or disk encryption keys required.

Because no authentication is needed, the vulnerabilities can be triggered before Windows even loads.

Mitigations and Patches

Dell released patches between March and May 2025 for affected models. Users should:

1. Install updates via Windows Update or Dell’s support site.
2. Disable unused security peripherals (fingerprint readers, smart card/NFC sensors).
3. Avoid fingerprint login in high-risk environments.

Additional protections:

• Enable Chassis Intrusion Detection in BIOS to log physical tampering.
• Use Enhanced Sign-in Security (ESS) in Windows to detect ControlVault firmware anomalies.

Researchers’ Warning

“These vulnerabilities are severe—they allow attackers to persist malware at the firmware level, bypass authentication, and even spoof biometric checks. Given how widely these laptops are used in secure environments, immediate patching is critical,” Cisco Talos researchers stated.

Affected Models

A full list of impacted Dell laptops is available in Dell’s security advisory.

Key Takeaway: If you own a Dell Latitude or Precision laptop, update immediately. These flaws could let attackers bypass login and maintain persistence—even after a full system wipe.