Serious security vulnerability discovered on many Dell laptop models
A new report from cybersecurity giant Cisco has sounded the alarm about serious vulnerabilities in more than 100 Dell laptop models, including the Latitude and Precision lines, putting tens of millions of devices worldwide at risk.
These vulnerabilities are in ControlVault, a chip designed to protect biometric data and passwords. Instead, it inadvertently became a door for hackers to gain unauthorized access, bypass Windows login, steal sensitive data and take complete control of the device.
Cisco named this series of vulnerabilities ReVault. It covers 5 specific identifiers: CVE-2025-24311, CVE-2025-25050, CVE-2025-25215, CVE-2025-24922 and CVE-2025-24919. The worrying part is that even if users reinstall the operating system, the malicious code can persist in the chip, leaving the device monitored or secretly controlled.

Experts warn that this is a serious threat, especially for business and government users, who often use affected Dell laptop models. Cisco recommends users update to the latest firmware and disable ControlVault if they do not use fingerprint or smart card readers.
What does Dell say about this serious security vulnerability?
After security researchers discovered a series of serious vulnerabilities in the ControlVault3 software, which is used on many Latitude and Precision laptop models, Dell issued an official statement to reassure users.
In a statement to Hackread.com, Dell confirmed that it had addressed the vulnerabilities in its drivers and ControlVault3 security software. The company said it had worked with the relevant software vendor to patch the issue and released a security update on June 13 to mitigate the risk to business users.
Dell also urged customers to quickly install the latest updates and recommended using supported software versions to ensure their systems are always secure. The company has released a detailed security advisory (DSA-2025-053), listing the affected models and the workarounds.
“We are committed to coordinating disclosure with researchers and industry partners to ensure timely and transparent vulnerability resolution. Responsible vulnerability disclosure is at the core of our product security strategy,” Dell said.
In another development, Cisco, which discovered the vulnerabilities, is also expanding its security efforts by collaborating with AI platform Hugging Face. As part of the agreement, a customized version of the ClamAV scanner will be integrated to automatically check all public files uploaded to the Hugging Face platform, with the goal of detecting potential malware in AI models. The tool is currently available for free to the community.
The coordinated actions by tech giants like Dell and Cisco underscore the threat of software vulnerabilities at every level, from laptop firmware to complex AI models in digital supply chains. They also reinforce an increasingly clear message: security is no longer optional, but a requirement.
To enhance protection against increasingly sophisticated cyber attacks, security experts recommend that users proactively enable several important defense features.
For example, on Windows, experts recommend enabling Enhanced Sign-in Security (ESS). This is an additional layer of security that helps Windows detect and respond to firmware anomalies, such as the ControlVault firmware being changed or not meeting security standards. ESS acts as a barrier to prevent attackers from injecting malicious code into the system before the operating system boots.
These features, while not new, are often overlooked by users during device configuration. As attacks become more sophisticated, taking full advantage of the available layers of protection is an important part of keeping both hardware and data secure.