06.08.2025
2 min
502
A vulnerability in the Broadcom BCM5820X chip, which provides security in more than 100 Dell laptop models, allowed attackers to steal sensitive data even after reinstalling the operating system. The problem was discovered by Cisco Talos specialists, and Dell has already released a security update.
According to Cisco Talos experts, the vulnerability affects the ControlVault chip, which is responsible for storing passwords, biometric data, smart card drivers, NFC and fingerprints. These chips are used in systems where a high level of security is critical – including in cybersecurity, government agencies and the defense sector.
Although there is currently no evidence that this vulnerability has already been used in real attacks, the scale of the threat was serious: potential attackers could not only steal data, but also retain control over the device after it was wiped. Dell confirmed the issue in a June report, and security updates were released in March, April, and May 2025.
ControlVault is a specialized hardware security module used to process biometric data and authentication on Dell devices. It is designed to isolate sensitive information from the rest of the system, which reduces the risk of compromise. However, the vulnerability found showed that even such components can be an entry point for hackers.
Cisco Talos representatives emphasized the importance of further research in the field of hardware security — especially given the proliferation of biometric technologies. At the same time, Dell emphasized that it responded promptly and transparently to the report and urged users to update their systems in a timely manner.
This incident was another reminder that even the most secure components can contain critical errors that threaten users and organizations. The role of manufacturers in rapid response and the responsibility of users for installing updates are key factors in cybersecurity in 2025.
