Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Published: 2026-05-22
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dell PowerFlex Manager versions up to 4.6.2 are vulnerable to an Exposure of Information Through Directory Listing flaw. The weakness allows an unauthenticated attacker with remote access to enumerate and read directory contents, potentially revealing sensitive configuration files, logs, or other data that should be protected. The underlying issue is a Permissions Misconfiguration (CWE‑276).

Affected Systems

Affected systems are Dell PowerFlex Manager, including the appliance and rack deployments. Installations running version 4.6.2 or older are at risk; newer releases contain the fix.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate risk level. EPSS data is not available, but the vulnerability is accessible to anyone who can reach the PowerFlex Manager remotely without authentication, making exploitation likely in environments with inadequate network segmentation. The vulnerability is not currently listed in CISA’s Known Exploited Vulnerabilities catalog, though it remains a valid threat to information confidentiality.

Generated by OpenCVE AI on May 22, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Dell PowerFlex Manager security update DSA-2025-434 for the Appliance or DSA-2025-435 for the Rack to upgrade to a version newer than 4.6.2.
  • Adjust directory permissions to remove world‐readable access and disable directory listing in the web server configuration, ensuring CWE‑276 is addressed.
  • Restrict remote access to the PowerFlex Manager service by enforcing firewall rules or VPN gating, thereby limiting unauthenticated attackers’ reach.

Advisories

No advisories yet.

History

Fri, 22 May 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| Title | | Information Exposure via Directory Listing in Dell PowerFlex Manager |
| First Time appeared | | Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack |
| Vendors & Products | | Dell; Dell powerflex Manager; Dell powerflex Manager Appliance; Dell powerflex Manager Rack |

Fri, 22 May 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 22 May 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
| Description | | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. |
| Weaknesses | | CWE-276 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'} |


MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-22T14:01:31.144Z

Reserved: 2025-04-10T05:03:51.740Z

Link: CVE-2025-32749

Vulnrichment

Updated: 2026-05-22T14:00:45.240Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T15:00:18Z

Weaknesses