Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
Published: 2026-05-22
Score: 4.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager versions up to 4.6.2 are affected by an Improper Certificate Validation flaw that can allow an unauthenticated attacker with adjacent network access to tamper with information. The vulnerability arises when the Manager accepts certificates that have not been properly verified, enabling a malicious actor to modify data or configuration that the Manager processes. The impact is limited to information tampering rather than full system compromise.

Affected Systems

Dell PowerFlex Manager, including the appliance and rack variants, with affected versions up to and including 4.6.2. Users of PowerFlex Manager in any of these deployments should check their installed version and apply the update when available.

Risk and Exploitability

The CVSS score of 4.2 indicates a low-to-moderate risk. The vector (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) shows that exploitation requires adjacent network access and has high attack complexity, but needs no authentication or user interaction. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, suggesting that exploitation in the wild is currently unreported. However, because the flaw permits manipulation of information, an attacker who already holds a position on the adjacent network could exploit it.

Generated by OpenCVE AI on May 22, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex Manager security updates published in DSA‑2025‑434 (Appliance) and DSA‑2025‑435 (Rack) to move beyond version 4.6.2.
  • Ensure strict certificate validation is enabled on the Manager and that untrusted certificates are properly rejected.
  • Limit network access to the Manager interface by implementing network segmentation and firewall rules to only allow trusted hosts.



Advisories

No advisories yet.

History

Fri, 22 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Title | | Improper Certificate Validation in Dell PowerFlex Manager Enabling Information Tampering
First Time appeared | | Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack
Vendors & Products | | Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.
Weaknesses | | CWE-295
References | |
Metrics | | cvssV3_1: {'score': 4.2, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-22T13:48:15.505Z

Reserved: 2025-04-10T05:03:51.739Z

Link: CVE-2025-32745

Vulnrichment

Updated: 2026-05-22T13:48:09.617Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:15:09Z

Weaknesses