Full Report
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities mentioned in this blog post have been patched by their respective
Analysis Summary
This summary covers the vulnerabilities disclosed in Dell ControlVault 3, Entr'ouvert Lasso, and GL.iNet Slate AX firmware/software. All mentioned vulnerabilities have been patched by their respective vendors.
---
# Vulnerability: Dell ControlVault 3 & Windows Software Vulnerabilities (Multiple CVEs)
## CVE Details
- **CVE ID:** CVE-2025-31649 (Hard-coded Password)
- **CVSS Score:** N/A (Score not provided in text)
- **CWE:** N/A
- **CVE ID:** CVE-2025-31361 (Privilege Escalation)
- **CVSS Score:** N/A
- **CWE:** N/A
- **CVE ID:** CVE-2025-36460 to CVE-2025-36463 (Out-of-Bounds Read/Write)
- **CVSS Score:** N/A
- **CWE:** N/A
- **CVE ID:** CVE-2025-32089 (Buffer Overflow)
- **CVSS Score:** N/A
- **CWE:** N/A
- **CVE ID:** CVE-2025-36553 (Buffer Overflow)
- **CVSS Score:** N/A
- **CWE:** N/A
## Affected Systems
- **Products:** Dell ControlVault 3 firmware and associated Windows software.
- **Versions:** Specific versions were not detailed in the summary, only the general product.
- **Configurations:** Interaction with the ControlVault API or WinBioControlUnit API is required.
## Vulnerability Description
Five flaws were discovered:
1. **CVE-2025-31649:** A hard-coded password allows privileged operations via a specially crafted ControlVault API call.
2. **CVE-2025-31361:** Privilege escalation achievable through a specially crafted WinBioControlUnit API call.
3. **CVE-2025-36460 to CVE-2025-36463:** Multiple out-of-bounds read and write vulnerabilities leading to memory corruption via a specially crafted WinBioControlUnit API call.
4. **CVE-2025-32089:** A buffer overflow vulnerability triggered by a crafted ControlVault API call, potentially leading to arbitrary code execution (ACE).
5. **CVE-2025-36553:** A buffer overflow vulnerability triggered by a crafted ControlVault API call, potentially leading to memory corruption.
## Exploitation
- **Status:** Not explicitly stated, but assumed patched and not actively exploited in the wild based on disclosure context.
- **Complexity:** Varies by CVE, but typically involves API manipulation.
- **Attack Vector:** Likely Local or Adjacent, depending on API accessibility.
## Impact
For vulnerabilities leading to ACE or memory corruption:
- **Confidentiality:** High (Potential Information Disclosure/Data Theft)
- **Integrity:** High (Potential Data Modification)
- **Availability:** Medium to High (Potential Denial of Service)
## Remediation
### Patches
- Vendors have released security updates for Dell ControlVault 3 firmware and associated Windows software. Specific version numbers are not provided in the context and must be sought from Dell advisories.
### Workarounds
- No specific workarounds were mentioned in the summary aside from applying the patch.
## Detection
- General detection methods include monitoring ControlVault and WinBioControlUnit API calls for unusual, overly long, or malformed requests.
- Snort coverage is available; users should download the latest rule sets from Snort.org.
## References
- Vendor Advisories (Dell) must be consulted for specific patch details.
- Vulnerability Reports: TALOS-2025-2173 through TALOS-2025-2189.
---
# Vulnerability: Entr'ouvert Lasso Vulnerabilities (Multiple CVEs)
## CVE Details
- **CVE ID:** CVE-2025-47151 (Type Confusion)
- **CVSS Score:** N/A
- **CWE:** N/A
- **CVE ID:** CVE-2025-46404 (DoS)
- **CVSS Score:** N/A
- **CWE:** N/A
- **CVE ID:** CVE-2025-46784 (DoS)
- **CVSS Score:** N/A
- **CWE:** N/A
- **CVE ID:** CVE-2025-46705 (DoS)
- **CVSS Score:** N/A
- **CWE:** N/A
## Affected Systems
- **Products:** Entr'ouvert Lasso (C library for federated identities/SSO protocols).
- **Versions:** Specific vulnerable versions were not detailed.
- **Configurations:** Exploitation requires providing a specially crafted SAML response.
## Vulnerability Description
Four vulnerabilities were found in the Lasso library:
1. **CVE-2025-47151:** A type confusion vulnerability allowing arbitrary code execution when processing a specially crafted SAML response.
2. **CVE-2025-46404, CVE-2025-46784, CVE-2025-46705:** Three separate denial of service vulnerabilities, all triggered by processing a specially crafted SAML response.
## Exploitation
- **Status:** Not explicitly stated, presumed patched.
- **Complexity:** Medium (Requires knowledge of SAML response construction).
- **Attack Vector:** Network/Remote (via crafted messages).
## Impact
- **CVE-2025-47151 (ACE):** Confidentiality, Integrity, Availability - High.
- **DoS CVEs:** Availability - High.
## Remediation
### Patches
- Vendors utilizing or maintaining Entr'ouvert Lasso have released updates addressing these issues.
### Workarounds
- No specific workarounds were mentioned in the summary.
## Detection
- Focus detection efforts on unusual or malformed SAML responses directed at services using the Lasso library.
- Download the latest Snort rule sets from Snort.org for coverage.
## References
- Vulnerability Reports: TALOS-2025-2193 through TALOS-2025-2196.
---
# Vulnerability: GL.iNet Slate AX Firmware Downgrade Vulnerability
## CVE Details
- **CVE ID:** CVE-2025-44018
- **CVSS Score:** N/A
- **CWE:** N/A
## Affected Systems
- **Products:** GL.iNet Slate AX (GL-AXT1800) Wi-Fi 6GB travel router firmware.
- **Versions:** Specific vulnerable versions were not detailed.
- **Configurations:** Exploitable via the OTA (Over-The-Air) Update functionality.
## Vulnerability Description
A firmware downgrade vulnerability exists in the OTA Update functionality. An attacker in a Man-in-the-Middle (MITM) position can trigger this flaw by presenting a specially crafted `.tar` file, causing the device to install an older, potentially more vulnerable, firmware version.
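The class of check that prevents this kind of downgrade, as an added example (not GL.iNet's code or its actual package format): the updater authenticates the package manifest and refuses any version older than the installed one. The file names `manifest.json` and `manifest.sig`, the HMAC key standing in for a vendor signature, and all version numbers are assumptions constructed for the demonstration.

```python
import hashlib, hmac, io, json, tarfile

# Constructed demo key; a real updater would verify a vendor public-key signature.
DEMO_KEY = b"constructed-demo-key"

def parse_version(text):
    """'4.6.10' -> (4, 6, 10) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))

def build_package(version, key=DEMO_KEY):
    """Build a constructed OTA .tar holding manifest.json and manifest.sig."""
    manifest = json.dumps({"version": version}).encode()
    sig = hmac.new(key, manifest, hashlib.sha256).hexdigest().encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("manifest.json", manifest), ("manifest.sig", sig)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def check_update(package, installed_version, key=DEMO_KEY):
    """Return (accepted, reason) for a candidate OTA package."""
    try:
        with tarfile.open(fileobj=io.BytesIO(package), mode="r") as tar:
            manifest = tar.extractfile("manifest.json").read()
            sig = tar.extractfile("manifest.sig").read()
    except (tarfile.TarError, KeyError, AttributeError):
        return False, "malformed package"
    # Authenticate the manifest first: an unauthenticated version field
    # can simply be rewritten by whoever sits on the network path.
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return False, "manifest not authentic"
    try:
        candidate = parse_version(json.loads(manifest)["version"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "bad version field"
    # Anti-rollback: never install firmware older than what is running.
    if candidate < parse_version(installed_version):
        return False, "rollback refused"
    return True, "ok"
```

The version comparison only has value because the manifest is authenticated before it is parsed; the two checks belong together.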
## Exploitation
- **Status:** Not explicitly stated, presumed patched.
- **Complexity:** Medium/High (Requires MITM capability).
- **Attack Vector:** Network (MITM required to inject the malicious file).
## Impact
- **Confidentiality:** Medium (Depends on older firmware capabilities).
- **Integrity:** High (Forced modification of the installed operating environment).
- **Availability:** High (Forced downgrade may cause device instability or bricking).
## Remediation
### Patches
- GL.iNet has issued a firmware patch for the Slate AX addressing the OTA update logic.
### Workarounds
- No specific workarounds were mentioned in the summary, though restricting access to the update mechanism might offer temporary protection where feasible.
## Detection
- Monitor for attempts to intercept or modify network traffic between the device and its firmware update server.
- Apply the latest Snort rules from Snort.org.
## References
- Vulnerability Report: TALOS-2025-2230.
- Vendor advisories (GL.iNet) must be checked for specific patch versions.