Cybersecurity giant Cisco has discovered severe security vulnerabilities in more than 100 Dell laptop models, putting tens of millions of devices at risk worldwide. This was revealed in a report shared by Cisco with Hackread.com, warning that the flaws could let attackers take full control of a device, steal passwords and access sensitive data, including fingerprint information.
The vulnerabilities, which Cisco's Talos team has named ReVault, affect a hardware component called Dell ControlVault. Five vulnerabilities were found in this hardware, which have been assigned the following CVEs:
- CVE-2025-24311
- CVE-2025-25050
- CVE-2025-25215
- CVE-2025-24922
- CVE-2025-24919
For your information, Dell ControlVault is a security chip designed to securely store passwords and biometric data. However, the flaws could allow attackers to bypass Windows login, gain persistent access to a device, or even tamper with the device to accept any fingerprint.
This could be especially troubling for government and enterprise users, considering that these vulnerabilities are found in many business-focused models, including Dell's Latitude and Precision series, which are common in government and corporate settings.
The report details two main ways attackers could take advantage of these flaws. The first is a way to gain permanent access to a laptop. Even if a user completely reinstalls their operating system, a bug could hide in the ControlVault chip itself, making it a persistent threat.
The second is a physical attack. A person with access to the laptop could open it up and directly tamper with the chip, giving them the ability to bypass the login screen or even fool the fingerprint reader into accepting any fingerprint.
Cisco Talos recommends that all affected Dell laptop owners install the latest firmware updates immediately and consider disabling the ControlVault services if they don't use features like the fingerprint or smart card reader.
In a separate announcement, Cisco has also teamed up with Hugging Face, a major hub for AI models, to address the growing risk of malware and vulnerabilities within the AI supply chain, which includes millions of models available to developers.
As part of the partnership, a special version of Cisco's malware scanner, ClamAV, will now automatically scan every public file uploaded to the Hugging Face platform. Cisco notes that this new anti-malware capability for AI models is being made available to the public for free. These findings highlight a broader message from Cisco about the importance of security at every level, from a laptop's hardware to the digital files powering AI.