Key vulnerability information

CVE Number: CVE-2025-36553
Vulnerability Type: Buffer Overflow
Affected Products:
- Broadcom BCM5820X
- Dell ControlVault3 5.14.3.0
- Dell ControlVault3 5.15.10.14, A31
CVSSv3 Score: 8.8 - Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Details:
- A specially crafted ControlVault API call can lead to memory corruption.
- The vulnerability is caused by an improper size check when command blobs are copied: the copy trusts a length taken from the attacker-controlled command rather than bounding it by the destination buffer.
- An attacker who can issue ControlVault API calls can potentially achieve arbitrary read/write and code execution.

Vendor Response: Vendor advisory issued.

Timeline:
- 2025-05-09: Vendor Disclosure
- 2025-06-13: Vendor Patch Release
- 2025-11-17: Public Release

Credit: Discovered by Philippe Laulheret of Cisco Talos.
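The defect class described above (CWE-120 in a command-blob copy) is illustrated below with hypothetical C added by the editor. It is not ControlVault or Broadcom firmware code, and the blob layout (2-byte opcode, 2-byte little-endian payload length, payload), the buffer size, the function names and the sample blobs are all assumptions constructed for the example. It shows the unchecked copy next to a hardened one that bounds the declared length by both the destination capacity and the bytes actually present in the source.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size destination for a command payload. */
#define CMD_PAYLOAD_MAX 64

struct cmd_context {
    uint16_t opcode;
    uint16_t payload_len;
    uint8_t  payload[CMD_PAYLOAD_MAX];
};

/* Assumed blob layout: opcode (LE16) | payload_len (LE16) | payload bytes. */
static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* VULNERABLE (CWE-120): the copy length comes straight from the blob.
 * A length larger than CMD_PAYLOAD_MAX overflows ctx->payload; a length
 * larger than the blob itself reads past the source buffer. */
int cmd_copy_unchecked(struct cmd_context *ctx, const uint8_t *blob, size_t blob_len) {
    if (blob_len < 4) return -1;                 /* header must be present */
    ctx->opcode      = rd16le(blob);
    ctx->payload_len = rd16le(blob + 2);
    memcpy(ctx->payload, blob + 4, ctx->payload_len);  /* no bound against dest or source */
    return 0;
}

/* HARDENED: validate the declared length before any copy. */
int cmd_copy_checked(struct cmd_context *ctx, const uint8_t *blob, size_t blob_len) {
    if (blob_len < 4) return -1;
    uint16_t len = rd16le(blob + 2);
    if (len > CMD_PAYLOAD_MAX) return -2;        /* would overflow ctx->payload */
    if ((size_t)len > blob_len - 4) return -3;   /* would read beyond the blob */
    ctx->opcode      = rd16le(blob);
    ctx->payload_len = len;
    memcpy(ctx->payload, blob + 4, len);
    return 0;
}

/* Constructed sample blobs (not captured from any real device). */
static const uint8_t good_blob[]      = {0x01, 0x00, 0x04, 0x00, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t oversized_blob[] = {0x01, 0x00, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41}; /* claims 65535 */
static const uint8_t short_blob[]     = {0x01, 0x00, 0x10, 0x00, 0x41, 0x41};             /* claims 16, carries 2 */

/* Helper: run the hardened copy on a blob and return its status code. */
int checked_result(const uint8_t *blob, size_t blob_len) {
    struct cmd_context ctx;
    memset(&ctx, 0, sizeof ctx);
    return cmd_copy_checked(&ctx, blob, blob_len);
}

/* Helper: on success return the copied payload length, otherwise the error code. */
int checked_payload_len(const uint8_t *blob, size_t blob_len) {
    struct cmd_context ctx;
    memset(&ctx, 0, sizeof ctx);
    int rc = cmd_copy_checked(&ctx, blob, blob_len);
    return rc == 0 ? (int)ctx.payload_len : rc;
}

int main(void) {
    struct cmd_context ctx;
    /* The unchecked path is only exercised on a benign blob here: feeding it
     * oversized_blob would corrupt memory, which is exactly the bug. */
    memset(&ctx, 0, sizeof ctx);
    printf("unchecked, good blob  : rc=%d len=%u\n",
           cmd_copy_unchecked(&ctx, good_blob, sizeof good_blob), ctx.payload_len);
    printf("checked,   good blob  : rc=%d\n", checked_result(good_blob, sizeof good_blob));
    printf("checked,   oversized  : rc=%d\n", checked_result(oversized_blob, sizeof oversized_blob));
    printf("checked,   short blob : rc=%d\n", checked_result(short_blob, sizeof short_blob));
    return 0;
}
```

The two bounds in cmd_copy_checked are independent: a length that fits the destination can still exceed the bytes supplied by the caller, so checking only against CMD_PAYLOAD_MAX would turn the write overflow into an out-of-bounds read.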