Security researchers have uncovered a set of serious flaws in Dell’s ControlVault3 firmware that could allow attackers to steal passwords, bypass biometric security, and even maintain access to a system after a full Windows reinstall.

Cisco Talos has dubbed the vulnerabilities “ReVault.” They affect the Broadcom BCM5820X security chip, used in Dell’s business-focused Latitude and Precision laptops. These models are common in government, enterprise, and cybersecurity environments where features like smartcard and NFC authentication are critical.

Dell describes ControlVault as “a hardware-based security solution that provides a secure bank that stores your passwords, biometric templates, and security codes within the firmware.” But researchers found five high-severity flaws — all with CVSS scores above 8.0 — that make the system a potential weak point.

A Talos spokesperson warned, “This creates the risk of a so-called implant that could stay unnoticed in a laptop’s ControlVault firmware and eventually be used as a pivot back onto the system.” The team demonstrated that compromised firmware could even be altered to accept “any fingerprint” for authentication — showing a spring onion unlocking a laptop in one test.

The vulnerabilities also enable physical attacks. An attacker with brief access could connect to the security hub via USB and bypass login credentials and encryption.

Dell says it has worked with Broadcom to fix the problem. “Working with our firmware provider, we addressed the issues quickly and transparently disclosed the reported vulnerabilities in accordance with our Vulnerability Response Policy,” a company spokesperson said, adding there is “no evidence of active exploitation.”

Firmware updates began rolling out in March 2025. Dell urges customers to apply patches immediately, as automated Windows updates may not reach all enterprise systems.