Over 100 Dell Laptop Models Plagued by Vulnerabilities Impacting Millions
Cybersecurity giant Cisco has found serious security vulnerabilities in more than 100 Dell laptop models, putting tens of millions of devices at risk worldwide. This was revealed in a report shared by Cisco with Hackread.com, warning that the flaws could let attackers take full control of a device, steal passwords and access sensitive data, including fingerprint information.
The vulnerabilities, which Cisco’s Talos team has named ReVault, affect a hardware component called Dell ControlVault. Five vulnerabilities were found in this hardware and have been assigned the following CVEs:
- CVE-2025-24311
- CVE-2025-25050
- CVE-2025-25215
- CVE-2025-24922
- CVE-2025-24919
Dell ControlVault is a security chip designed to securely store passwords and biometric data. However, the flaws could allow attackers to bypass Windows login, gain persistent access to a device, or even tamper with the device so that it accepts any fingerprint.
This could be especially troubling for government and business users, because the vulnerabilities are found in many business-focused models, including Dell’s Latitude and Precision series, which are common in government and corporate settings.
The report details two main ways attackers could take advantage of these flaws. The first is a way to gain permanent access to a laptop. Even if a user completely reinstalls their operating system, a malicious program could hide in the ControlVault chip itself, making it a persistent threat.
The second is a physical attack. A person with access to the laptop could open it up and directly tamper with the chip, giving them the ability to bypass the login screen or even fool the fingerprint reader into accepting any fingerprint.
Cisco Talos recommends that all affected Dell laptop owners install the latest firmware updates immediately and consider disabling the ControlVault services if they don’t use features like the fingerprint or smart card reader.
In a separate announcement, Cisco has also teamed up with Hugging Face, a major hub for AI models, to address the growing risk of malware and vulnerabilities within the AI supply chain, which includes millions of models available to developers.
As part of the partnership, a special version of Cisco’s malware scanner, ClamAV, will now automatically scan every public file uploaded to the Hugging Face platform. Cisco notes that this new anti-malware capability for AI models is being made available to the public for free. These findings highlight a broader message from Cisco about the importance of security at every level, from a laptop’s hardware to the digital files powering AI.