CVE-2025-24922 – Dell ControlVault3/Dell ControlVault3 Plus Stack-Based Buffer Overflow Vulnerability

June 13, 2025

CVE ID : CVE-2025-24922

Published : June 13, 2025, 9:15 p.m. | 57 minutes ago

Description : A stack-based buffer overflow vulnerability exists in the
securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A
specially crafted malicious cv_object can lead to a arbitrary code
execution. An attacker can issue an API call to trigger this
vulnerability.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-25050 – Dell ControlVault3/Dell ControlVault 3 Plus Out-of-Bounds Write Vulnerability

Next Article CVE-2025-24311 – Dell ControlVault3/Dell ControlVault3 Plus Out-of-Bounds Read Information Leak

Highlights

CVE-2025-34090 – “Google Chrome AppBound Cookie Encryption Bypass”

July 2, 2025

CVE ID : CVE-2025-34090

Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago

Description : A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID) registration used by Chrome’s elevation service and point it to a non-existent or malicious binary. When this hijack occurs, Chrome silently falls back to the legacy cookie encryption mechanism (protected only by user-DPAPI), thereby enabling cookie decryption by any user-context malware without SYSTEM-level access. This flaw bypasses the protections intended by the AppBound encryption design and allows cookie theft from Chromium-based browsers.

Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-24922 – Dell ControlVault3/Dell ControlVault3 Plus Stack-Based Buffer Overflow Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

5 ways to be great AI agent manager, according to business leaders

CVE-2025-3200: Wiesemann & Theis Com-Server Devices Exposed by Deprecated TLS Protocols

CVE-2025-4179 – Flynax Bridge WordPress Privilege Escalation

CVE-2025-7534 – “PHPGurukul Student Result Management System SQL Injection Vulnerability”

CVE-2025-34090 – “Google Chrome AppBound Cookie Encryption Bypass”

NVIDIA GeForce NOW adds 13 more games, including Borderlands series & new co-op shooter

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

Role of AI-driven Autonomous Testing in Software QA

CVE-2025-24922 – Dell ControlVault3/Dell ControlVault3 Plus Stack-Based Buffer Overflow Vulnerability

Related Posts