Cybersecurity company Cisco has identified significant security vulnerabilities present in more than 100 Dell laptop models, posing a risk to tens of millions of devices globally. The findings highlight how these flaws could enable attackers to gain full control over devices, steal passwords, and access sensitive information, including fingerprint data.
The vulnerabilities, collectively named ReVault by Cisco’s Talos team, impact a hardware component known as Dell ControlVault. Within this hardware, five specific vulnerabilities have been assigned the following CVEs: CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922, and CVE-2025-24919.
Dell ControlVault serves as a security chip intended to securely store passwords and biometric data. However, the identified flaws could allow attackers to bypass Windows login credentials and gain persistent access to a device, or manipulate the device to recognize any fingerprint.
This situation is particularly concerning for government and business users, as many of the affected models, including Dell’s Latitude and Precision series, are prevalent in corporate and governmental environments.
According to the report, there are two primary methods by which attackers could exploit these vulnerabilities. The first method grants permanent access, such that even a complete operating system reinstall might not eliminate a malicious program lodged within the ControlVault chip. The second method involves a physical threat, whereby an individual with access to the device could manipulate the chip directly, thus bypassing the login screen or tricking the system into accepting any fingerprint input.
Cisco Talos advises all Dell laptop users affected by these vulnerabilities to update their firmware immediately and to consider disabling ControlVault services if features such as fingerprint recognition or smart card readers are not in use.
In an unrelated announcement, Cisco has formed a partnership with Hugging Face, a well-known platform for AI models, to combat the escalating risks associated with malware and vulnerabilities within the AI supply chain. This collaboration aims to improve security for millions of models accessible to developers. As part of this partnership, a specialized version of Cisco’s malware scanner, ClamAV, will automatically inspect every public file uploaded to the Hugging Face platform. Cisco emphasizes the importance of security at all levels, from hardware integrity to the digital files powering AI.