CVE-2025-26483
Description
Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
Mitigations
Vendor advisory: security_alert@emc.com — https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
Vendor advisory: security_alert@emc.com — https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dell | powerflex_appliance_intelligent_catalog | before 48.383.00 | 48.383.00 |
| dell | powerflex_manager | 4.6.2 and earlier | |
| dell | powerflex_rack | before 3.7.8.0 | 3.7.8.0 |
References
- https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
CWEs
CWE-601