CVE-2025-32745
medium
CVSS v3
6.5
CVSS v2
—
VIR risk
6.5
Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
Predictions
Exploit likelihood
65%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security_alert@emc.com — https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
Vendor advisory: security_alert@emc.com — https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dell | powerflex_appliance_intelligent_catalog | {"endExcluding":"48.383.00"} | 48.383.00 |
| dell | powerflex_manager | {"endIncluding":"4.6.2"} | |
| dell | powerflex_rack | {"endExcluding":"3.7.8.0"} | 3.7.8.0 |
References
- https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
CWEs
CWE-295
Verify integrity in audit chain (admin only). AS-IS.