Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published: 2026-05-22
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager up to version 4.6.2 is affected by an Incorrect Privilege Assignment flaw (CWE-266). A low-privileged attacker with local access can exploit this vulnerability to elevate their privileges, potentially gaining unauthorized access to higher-level functions and data. The CVSS score of 5.3 indicates medium severity: the flaw can be abused by an attacker who already has low-privileged local access to a management node.

Affected Systems

The affected products are Dell PowerFlex Manager, Dell PowerFlex Manager (Appliance), and Dell PowerFlex Manager (Rack) running any version up to and including 4.6.2. Both appliance and rack deployments are impacted.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting that widespread exploitation has not been confirmed. However, the local attack vector and the moderate CVSS score mean that an adversary who can get low‑privileged local access to a manager node could relatively easily raise their privileges. Organizations should assume the risk is moderate to high if local access is not tightly controlled.

Generated by OpenCVE AI on May 22, 2026 at 15:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex Manager security update referenced in DSA‑2025‑434 for the appliance and DSA‑2025‑435 for the rack, ensuring the software version is higher than 4.6.2.
  • Restrict local access to management nodes by enforcing least privilege for local accounts and by segmenting management networks to limit the reach of any local attacker.
  • Monitor management-node logs for unauthorized privilege‑escalation attempts and investigate any anomalies promptly.

Advisories

No advisories yet.

History

Fri, 22 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Title | | Incorrect Privilege Assignment in Dell PowerFlex Manager Up to 4.6.2

Fri, 22 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack
Vendors & Products | | Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack

Fri, 22 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Weaknesses | | CWE-266
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-22T18:34:29.421Z

Reserved: 2025-04-10T05:03:51.739Z

Link: CVE-2025-32747

Vulnrichment

Updated: 2026-05-22T18:34:17.799Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:15:09Z

Weaknesses