CVE-2025-32751
Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security_alert@emc.com — https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
Vendor advisory: security_alert@emc.com — https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dell | powerflex_appliance_intelligent_catalog | {"endExcluding":"48.383.00"} | 48.383.00 |
| dell | powerflex_manager | {"endIncluding":"4.6.2"} | |
| dell | powerflex_rack | {"endExcluding":"3.7.8.0"} | 3.7.8.0 |
References
- https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities
CWEs
CWE-922
Verify integrity in audit chain (admin only). AS-IS.