PowerFlex Manager — CraftedSignal Threat Feed

Dell PowerFlex Manager Directory Listing Vulnerability (CVE-2025-32749)

hello@craftedsignal.io — Tue, 26 May 2026 13:31:30 +0000

A directory listing vulnerability exists in Dell PowerFlex Manager versions 4.6.2 and earlier (CVE-2025-32749). This flaw allows an unauthenticated attacker with remote network access to potentially list directories and expose sensitive information. The vulnerability stems from incorrect default permissions (CWE-276) within the application. Successful exploitation could reveal configuration files, credentials, or other sensitive data, potentially aiding further malicious activities. Dell has released security updates to address this vulnerability.

Attack Chain

The unauthenticated attacker identifies a vulnerable Dell PowerFlex Manager instance exposed on the network.
The attacker crafts a malicious HTTP request to a specific endpoint on the PowerFlex Manager server that is susceptible to directory listing.
The server, due to incorrect default permissions, responds with a listing of files and directories accessible to the webserver user.
The attacker analyzes the directory listing to identify potentially sensitive files, such as configuration files, log files, or backup files.
The attacker constructs further HTTP requests to retrieve the contents of these sensitive files.
The server, again due to insufficient access controls, serves the requested files to the attacker.
The attacker extracts sensitive information from the exposed files, such as usernames, passwords, API keys, or internal network configurations.
The attacker uses the gathered information to further compromise the PowerFlex Manager instance or other systems on the network.

Impact

Successful exploitation of this vulnerability could lead to the exposure of sensitive information, such as usernames, passwords, API keys, and internal network configurations. This information could be used by an attacker to gain unauthorized access to the PowerFlex Manager system, other systems on the network, or sensitive data stored within the PowerFlex environment. The vulnerability affects Dell PowerFlex Appliance Intelligent Catalog, PowerFlex Manager, and PowerFlex Rack products.

Recommendation

Apply the security updates provided by Dell to patch CVE-2025-32749 on affected PowerFlex Manager, PowerFlex Appliance Intelligent Catalog, and PowerFlex Rack installations.
Deploy the Sigma rule “Detect Potential Directory Listing Attempt via HTTP GET” to identify suspicious HTTP requests indicative of directory listing attempts.
Review and restrict access permissions on the PowerFlex Manager server to prevent unauthorized access to sensitive files and directories.
Monitor web server logs for unusual HTTP requests and responses that could indicate directory traversal or information disclosure attempts.

CVE-2025-32747: Dell PowerFlex Manager Incorrect Privilege Assignment Vulnerability

hello@craftedsignal.io — Tue, 26 May 2026 13:31:13 +0000

Dell PowerFlex Manager versions 4.6.2 and earlier are vulnerable to an Incorrect Privilege Assignment issue (CVE-2025-32747). This vulnerability allows a low-privileged attacker with local access to potentially elevate their privileges within the system. The vulnerability exists within the Dell PowerFlex Appliance Intelligent Catalog, PowerFlex Manager, and PowerFlex Rack products. Exploitation requires local access, limiting the attack surface, but successful exploitation leads to a complete compromise of the affected system. Defenders need to ensure timely patching of these products to mitigate the risk.

Attack Chain

Attacker gains initial low-privileged local access to the PowerFlex Manager system.
Attacker identifies the presence of CVE-2025-32747.
Attacker crafts a malicious request to an affected endpoint within the PowerFlex Manager.
The request exploits the incorrect privilege assignment, bypassing access controls.
The system improperly processes the request due to the privilege assignment vulnerability.
Attacker leverages elevated privileges to modify system configurations.
Attacker escalates privileges to administrator level.
Attacker gains complete control over the PowerFlex Manager system.

Impact

Successful exploitation of CVE-2025-32747 allows a low-privileged attacker to elevate their privileges to administrator level on the Dell PowerFlex Manager. This can lead to unauthorized access to sensitive data, modification of critical system settings, and potential compromise of the entire infrastructure managed by PowerFlex. The impact is high due to the potential for complete system takeover.

Recommendation

Apply the security updates provided by Dell to address CVE-2025-32747 on affected PowerFlex Manager, PowerFlex Appliance Intelligent Catalog and PowerFlex Rack installations (see references).
Implement the Sigma rule Detect CVE-2025-32747 Attempt — Suspicious PowerFlex Manager Privilege Escalation to detect potential exploitation attempts on your systems.
Monitor logs for suspicious activity indicative of local privilege escalation attempts.
Review and enforce strict access control policies to limit the potential impact of compromised low-privileged accounts.

CVE-2025-26483: Dell PowerFlex Manager Open Redirect Vulnerability

hello@craftedsignal.io — Tue, 26 May 2026 13:30:59 +0000

Dell PowerFlex Manager versions 4.6.2 and prior are vulnerable to an open redirect vulnerability (CVE-2025-26483). An unauthenticated attacker can exploit this flaw to redirect a targeted application user to an arbitrary web URL. This vulnerability poses a significant risk, as attackers can leverage it to conduct phishing attacks, tricking users into divulging sensitive information by redirecting them to malicious websites disguised as legitimate resources. This affects environments using PowerFlex Manager to manage their Dell infrastructure, potentially impacting a wide range of organizations.

Attack Chain

The attacker crafts a malicious URL containing a specially crafted redirect parameter targeting a vulnerable PowerFlex Manager endpoint.
The attacker distributes the malicious URL via phishing emails or other social engineering techniques, targeting users of the PowerFlex Manager application.
The unsuspecting user clicks on the malicious URL.
The user’s browser sends a request to the vulnerable PowerFlex Manager endpoint, including the attacker-controlled redirect parameter.
The PowerFlex Manager application processes the request and generates an HTTP redirect response.
The HTTP redirect response instructs the user’s browser to navigate to the URL specified in the attacker-controlled redirect parameter.
The user’s browser automatically redirects to the attacker-specified URL, which could be a phishing page designed to steal credentials or other sensitive information.

Impact

Successful exploitation of this open redirect vulnerability (CVE-2025-26483) can lead to users being redirected to phishing websites. Attackers could leverage this to harvest user credentials, sensitive data, or even deliver malware. The impact includes potential data breaches, financial losses, and reputational damage for organizations using vulnerable versions of Dell PowerFlex Manager. While the exact number of potential victims is unknown, all organizations using affected versions of PowerFlex Manager are at risk.

Recommendation

Upgrade Dell PowerFlex Manager to a version beyond 4.6.2 to patch CVE-2025-26483.
Implement input validation and sanitization on URL parameters within web applications to prevent open redirect vulnerabilities; see the example rule Detect Open Redirect Vulnerability Attempt.
Educate users about the risks of phishing attacks and encourage them to verify the legitimacy of URLs before clicking on them, especially those received via email.
Monitor web server logs for suspicious redirect activity, such as redirects to unusual or untrusted domains, using a rule like Detect Open Redirect - Unusual Redirect Target.