Description
Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
Published: 2026-05-22
Score: 6.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Open Redirect flaw present in Dell PowerFlex Manager versions 4.6.2 and earlier. An unauthenticated attacker could redirect a target user’s browser to a malicious URL, enabling phishing or credential-stealing attacks. The flaw corresponds to CWE-601 and can compromise confidentiality via phishing.

Affected Systems

Dell PowerFlex Manager, including the Appliance and Rack editions. The issue affects all deployments running version 4.6.2 or older.

Risk and Exploitability

The CVSS score of 6.1 indicates medium severity. The EPSS score is not provided, so the exploitation likelihood is unclear. The vulnerability is not listed in CISA KEV. No authentication is required and the flaw is reachable over the network (AV:N/PR:N in the CVSS vector), but exploitation depends on user interaction (UI:R), such as a targeted user following a crafted link. Detection requires monitoring outbound redirects or employing trusted URL lists.

Generated by OpenCVE AI on May 22, 2026 at 15:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dell’s PowerFlex Manager security update (4.6.3 or later) using the provided Dell Knowledge Base update documents.
  • Implement URL validation in the web interface to reject or neutralize untrusted redirect URLs.
  • Block or monitor traffic to known malicious domains and enforce a whitelist of permissible redirect targets.
  • Educate users to verify URLs before clicking and to report unexpected redirects.



Advisories

No advisories yet.

History

Fri, 22 May 2026 18:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 15:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: Open Redirect in Dell PowerFlex Manager Enabling Phishing

Type: First Time appeared
Values Removed: (none)
Values Added: Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack

Type: Vendors & Products
Values Removed: (none)
Values Added: Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack

Fri, 22 May 2026 13:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-601

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Subscriptions

Dell Powerflex Manager Powerflex Manager Appliance Powerflex Manager Rack

MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-22T17:22:06.195Z

Reserved: 2025-02-11T06:06:12.147Z

Link: CVE-2025-26483

Vulnrichment

Updated: 2026-05-22T17:22:00.486Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:15:09Z

Weaknesses