{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/powerflex-manager/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:dell:powerflex_appliance_intelligent_catalog:*:*:*:*:*:*:*:*","cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*","cpe:2.3:a:dell:powerflex_rack:*:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":5.3,"id":"CVE-2025-32749"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PowerFlex Appliance Intelligent Catalog","PowerFlex Manager","PowerFlex Rack"],"_cs_severities":["medium"],"_cs_tags":["cve-2025-32749","information-disclosure","directory-listing"],"_cs_type":"advisory","_cs_vendors":["Dell"],"content_html":"\u003cp\u003eA directory listing vulnerability exists in Dell PowerFlex Manager versions 4.6.2 and earlier (CVE-2025-32749). This flaw allows an unauthenticated attacker with remote network access to potentially list directories and expose sensitive information. The vulnerability stems from incorrect default permissions (CWE-276) within the application. Successful exploitation could reveal configuration files, credentials, or other sensitive data, potentially aiding further malicious activities. Dell has released security updates to address this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe unauthenticated attacker identifies a vulnerable Dell PowerFlex Manager instance exposed on the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to a specific endpoint on the PowerFlex Manager server that is susceptible to directory listing.\u003c/li\u003e\n\u003cli\u003eThe server, due to incorrect default permissions, responds with a listing of files and directories accessible to the webserver user.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the directory listing to identify potentially sensitive files, such as configuration files, log files, or backup files.\u003c/li\u003e\n\u003cli\u003eThe attacker constructs further HTTP requests to retrieve the contents of these sensitive files.\u003c/li\u003e\n\u003cli\u003eThe server, again due to insufficient access controls, serves the requested files to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive information from the exposed files, such as usernames, passwords, API keys, or internal network configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the gathered information to further compromise the PowerFlex Manager instance or other systems on the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to the exposure of sensitive information, such as usernames, passwords, API keys, and internal network configurations. This information could be used by an attacker to gain unauthorized access to the PowerFlex Manager system, other systems on the network, or sensitive data stored within the PowerFlex environment. The vulnerability affects Dell PowerFlex Appliance Intelligent Catalog, PowerFlex Manager, and PowerFlex Rack products.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security updates provided by Dell to patch CVE-2025-32749 on affected PowerFlex Manager, PowerFlex Appliance Intelligent Catalog, and PowerFlex Rack installations.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Potential Directory Listing Attempt via HTTP GET\u0026rdquo; to identify suspicious HTTP requests indicative of directory listing attempts.\u003c/li\u003e\n\u003cli\u003eReview and restrict access permissions on the PowerFlex Manager server to prevent unauthorized access to sensitive files and directories.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual HTTP requests and responses that could indicate directory traversal or information disclosure attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:31:30Z","date_published":"2026-05-26T13:31:30Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dell-powerflex-directory-listing/","summary":"Dell PowerFlex Manager versions 4.6.2 and earlier contain a directory listing vulnerability (CVE-2025-32749) that allows an unauthenticated remote attacker to expose sensitive information.","title":"Dell PowerFlex Manager Directory Listing Vulnerability (CVE-2025-32749)","url":"https://feed.craftedsignal.io/briefs/2026-05-dell-powerflex-directory-listing/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PowerFlex Appliance Intelligent Catalog","PowerFlex Manager","PowerFlex Rack"],"_cs_severities":["medium"],"_cs_tags":["privilege-escalation","cve-2025-32747","dell"],"_cs_type":"advisory","_cs_vendors":["Dell"],"content_html":"\u003cp\u003eDell PowerFlex Manager versions 4.6.2 and earlier are vulnerable to an Incorrect Privilege Assignment issue (CVE-2025-32747). This vulnerability allows a low-privileged attacker with local access to potentially elevate their privileges within the system. The vulnerability exists within the Dell PowerFlex Appliance Intelligent Catalog, PowerFlex Manager, and PowerFlex Rack products. Exploitation requires local access, limiting the attack surface, but successful exploitation leads to a complete compromise of the affected system. Defenders need to ensure timely patching of these products to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial low-privileged local access to the PowerFlex Manager system.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the presence of CVE-2025-32747.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request to an affected endpoint within the PowerFlex Manager.\u003c/li\u003e\n\u003cli\u003eThe request exploits the incorrect privilege assignment, bypassing access controls.\u003c/li\u003e\n\u003cli\u003eThe system improperly processes the request due to the privilege assignment vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker leverages elevated privileges to modify system configurations.\u003c/li\u003e\n\u003cli\u003eAttacker escalates privileges to administrator level.\u003c/li\u003e\n\u003cli\u003eAttacker gains complete control over the PowerFlex Manager system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-32747 allows a low-privileged attacker to elevate their privileges to administrator level on the Dell PowerFlex Manager. This can lead to unauthorized access to sensitive data, modification of critical system settings, and potential compromise of the entire infrastructure managed by PowerFlex. The impact is high due to the potential for complete system takeover.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security updates provided by Dell to address CVE-2025-32747 on affected PowerFlex Manager, PowerFlex Appliance Intelligent Catalog and PowerFlex Rack installations (see references).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect CVE-2025-32747 Attempt — Suspicious PowerFlex Manager Privilege Escalation\u003c/code\u003e to detect potential exploitation attempts on your systems.\u003c/li\u003e\n\u003cli\u003eMonitor logs for suspicious activity indicative of local privilege escalation attempts.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict access control policies to limit the potential impact of compromised low-privileged accounts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:31:13Z","date_published":"2026-05-26T13:31:13Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-32747-dell-privesc/","summary":"Dell PowerFlex Manager versions 4.6.2 and earlier contain an Incorrect Privilege Assignment vulnerability (CVE-2025-32747) that allows a low-privileged attacker with local access to elevate privileges.","title":"CVE-2025-32747: Dell PowerFlex Manager Incorrect Privilege Assignment Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-32747-dell-privesc/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PowerFlex Manager","PowerFlex Appliance Intelligent Catalog","PowerFlex Rack"],"_cs_severities":["medium"],"_cs_tags":["open-redirect","cve-2025-26483","phishing","dell"],"_cs_type":"threat","_cs_vendors":["Dell"],"content_html":"\u003cp\u003eDell PowerFlex Manager versions 4.6.2 and prior are vulnerable to an open redirect vulnerability (CVE-2025-26483). An unauthenticated attacker can exploit this flaw to redirect a targeted application user to an arbitrary web URL. This vulnerability poses a significant risk, as attackers can leverage it to conduct phishing attacks, tricking users into divulging sensitive information by redirecting them to malicious websites disguised as legitimate resources. This affects environments using PowerFlex Manager to manage their Dell infrastructure, potentially impacting a wide range of organizations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing a specially crafted redirect parameter targeting a vulnerable PowerFlex Manager endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious URL via phishing emails or other social engineering techniques, targeting users of the PowerFlex Manager application.\u003c/li\u003e\n\u003cli\u003eThe unsuspecting user clicks on the malicious URL.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser sends a request to the vulnerable PowerFlex Manager endpoint, including the attacker-controlled redirect parameter.\u003c/li\u003e\n\u003cli\u003eThe PowerFlex Manager application processes the request and generates an HTTP redirect response.\u003c/li\u003e\n\u003cli\u003eThe HTTP redirect response instructs the user\u0026rsquo;s browser to navigate to the URL specified in the attacker-controlled redirect parameter.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser automatically redirects to the attacker-specified URL, which could be a phishing page designed to steal credentials or other sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this open redirect vulnerability (CVE-2025-26483) can lead to users being redirected to phishing websites. Attackers could leverage this to harvest user credentials, sensitive data, or even deliver malware. The impact includes potential data breaches, financial losses, and reputational damage for organizations using vulnerable versions of Dell PowerFlex Manager. While the exact number of potential victims is unknown, all organizations using affected versions of PowerFlex Manager are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Dell PowerFlex Manager to a version beyond 4.6.2 to patch CVE-2025-26483.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on URL parameters within web applications to prevent open redirect vulnerabilities; see the example rule \u003ccode\u003eDetect Open Redirect Vulnerability Attempt\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of phishing attacks and encourage them to verify the legitimacy of URLs before clicking on them, especially those received via email.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious redirect activity, such as redirects to unusual or untrusted domains, using a rule like \u003ccode\u003eDetect Open Redirect - Unusual Redirect Target\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-26T13:30:59Z","date_published":"2026-05-26T13:30:59Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-26483-dell-powerflex-open-redirect/","summary":"Dell PowerFlex Manager versions 4.6.2 and prior contains an open redirect vulnerability (CVE-2025-26483) that allows an unauthenticated attacker to redirect a targeted user to an arbitrary web URL, potentially enabling phishing attacks.","title":"CVE-2025-26483: Dell PowerFlex Manager Open Redirect Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2025-26483-dell-powerflex-open-redirect/"}],"language":"en","title":"CraftedSignal Threat Feed — PowerFlex Manager","version":"https://jsonfeed.org/version/1.1"}