Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.
Published: 2026-05-22
Score: 4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager versions up to 4.6.2 insecurely store sensitive data, allowing a local attacker who does not need to authenticate to read protected information. This weakness means that anyone able to reach the PowerFlex Manager system locally, for example via a local console or unintended physical access, could gain unauthorized insight into credentials or other data stored by the manager. The vulnerability is categorized as CWE‑922 and is rated low severity per its CVSS score of 4.0.

Affected Systems

The affected products are Dell PowerFlex Manager, including the Appliance and Rack deployments, for all releases through 4.6.2. Any installation using a version equal to or older than 4.6.2 should be reviewed.

Risk and Exploitability

The CVSS score of 4 indicates a low severity; however, the flaw opens a local, unauthenticated data‑exposure path. Because an attacker requires only local access, the potential impact is primarily the leakage of confidential information. Exploitation does not lead to code execution or denial of service, and the EPSS score is not available, suggesting limited published evidence of exploitation. The vulnerability is not listed in CISA KEV, but organizations should still mitigate promptly to prevent data exposure.

Generated by OpenCVE AI on May 22, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Dell PowerFlex Manager security update DSA-2025-434 for Appliance or DSA-2025-435 for Rack to move to version 4.6.3 or later.
  • Verify the system’s current version; if it is 4.6.2 or older, immediately apply the update.
  • Restrict physical and local console access to the PowerFlex Manager infrastructure and enforce strong monitoring for any unauthorized local activity.

Advisories

No advisories yet.

History

Sat, 23 May 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 15:15:00 +0000

Type Values Removed Values Added
Title Insecure Storage of Sensitive Information in Dell PowerFlex Manager
First Time appeared Dell
Dell powerflex Manager
Dell powerflex Manager Appliance
Dell powerflex Manager Rack
Vendors & Products Dell
Dell powerflex Manager
Dell powerflex Manager Appliance
Dell powerflex Manager Rack

Fri, 22 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information.
Weaknesses CWE-922
References
Metrics cvssV3_1 {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-23T02:31:04.494Z

Reserved: 2025-04-10T05:03:51.739Z

Link: CVE-2025-32746

Vulnrichment

Updated: 2026-05-23T02:30:59.829Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:00:18Z

Weaknesses