
Once again, the tech world is confronting a serious security lapse—this time involving Dell laptops equipped with Broadcom hardware. Following last week’s headlines about vulnerabilities in Lenovo’s AIO systems, Dell has now warned users that a significant flaw in the Broadcom BCM5820X chip family could leave millions of devices open to attack. The vulnerability affects over 100 different Dell models across the Latitude, Precision, and Pro series, making it one of the broader-reaching hardware flaws disclosed this year.
At the core of the issue lies the ControlVault3 feature, a specialized security module designed to store sensitive information like passwords and biometric credentials. According to Dell’s disclosure, five separate CVEs have been assigned: CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919. These flaws are deemed “critical” and could be used by attackers to exfiltrate data, bypass authentication, and even remotely run malicious code, making the implications far more serious than a standard software bug.
Dell has worked swiftly with its firmware provider to release a fix, but many users may still be unaware of the risk. The security advisory, now available under DSA-2025-053, includes a detailed breakdown of impacted systems and firmware versions. Dell urges all customers to install the relevant updates as soon as possible to protect themselves from potential exploitation. Users can either use the Dell Command Center to automate the update process or manually download the necessary patches from Dell’s support page.
This vulnerability adds to a growing list of firmware-level attacks targeting trusted computing modules and embedded security systems, areas traditionally considered safe from tampering. With these types of threats becoming more frequent, users are advised to remain vigilant, regularly check for manufacturer updates, and avoid assuming that hardware-level security is foolproof. In today’s threat landscape, even trusted platforms like ControlVault3 are no longer immune to sophisticated cyberattacks.

