Advisory severity: medium

CVE-2025-32747: Dell PowerFlex Manager Incorrect Privilege Assignment Vulnerability

Dell PowerFlex Manager versions 4.6.2 and earlier contain an Incorrect Privilege Assignment vulnerability (CVE-2025-32747) that allows a low-privileged attacker with local access to elevate privileges.

Dell PowerFlex Manager versions 4.6.2 and earlier are vulnerable to an Incorrect Privilege Assignment issue (CVE-2025-32747). This vulnerability allows a low-privileged attacker with local access to potentially elevate their privileges within the system. The vulnerability exists within the Dell PowerFlex Appliance Intelligent Catalog, PowerFlex Manager, and PowerFlex Rack products. Exploitation requires local access, limiting the attack surface, but successful exploitation leads to a complete compromise of the affected system. Defenders need to ensure timely patching of these products to mitigate the risk.

Attack Chain

  1. Attacker gains initial low-privileged local access to the PowerFlex Manager system.
  2. Attacker identifies the presence of CVE-2025-32747.
  3. Attacker crafts a malicious request to an affected endpoint within the PowerFlex Manager.
  4. The request exploits the incorrect privilege assignment, bypassing access controls.
  5. The system improperly processes the request due to the privilege assignment vulnerability.
  6. Attacker leverages elevated privileges to modify system configurations.
  7. Attacker escalates privileges to administrator level.
  8. Attacker gains complete control over the PowerFlex Manager system.

Impact

Successful exploitation of CVE-2025-32747 allows a low-privileged attacker to elevate their privileges to administrator level on the Dell PowerFlex Manager. This can lead to unauthorized access to sensitive data, modification of critical system settings, and potential compromise of the entire infrastructure managed by PowerFlex. The impact is high due to the potential for complete system takeover.

Recommendation

  • Apply the security updates provided by Dell to address CVE-2025-32747 on affected PowerFlex Manager, PowerFlex Appliance Intelligent Catalog and PowerFlex Rack installations (see references).
  • Implement the Sigma rule Detect CVE-2025-32747 Attempt — Suspicious PowerFlex Manager Privilege Escalation to detect potential exploitation attempts on your systems.
  • Monitor logs for suspicious activity indicative of local privilege escalation attempts.
  • Review and enforce strict access control policies to limit the potential impact of compromised low-privileged accounts.

Detection coverage (1 rule)

Rule: Detect CVE-2025-32747 Attempt — Suspicious PowerFlex Manager Privilege Escalation
Level: medium

Detects attempts to exploit CVE-2025-32747 by monitoring for unusual activity within the Dell PowerFlex Manager related to privilege escalation.

Rule format: Sigma. Tactics: privilege_escalation. Techniques: T1068. Log sources: process_creation, linux.

The detection queries themselves are available on the platform and are not reproduced in this advisory.