Description
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Published: 2026-05-20
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Exposure of Information Through Directory Listing that allows an unauthenticated attacker with remote access to view the contents of directories on the PowerFlex Manager system. The attack can leak configuration files, logs, or other sensitive data, resulting in a breach of confidentiality for all users who rely on the manager service.

Affected Systems

Dell PowerFlex Manager, PowerFlex Manager (Appliance), and PowerFlex Manager (Rack) running version 4.6.2 or earlier are susceptible to this flaw.

Risk and Exploitability

A CVSS score of 7.5 indicates high severity. Because the vulnerability can be accessed remotely without authentication, the attack vector is likely a web or management interface. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, but the potential for information disclosure remains significant for affected installations.

Generated by OpenCVE AI on May 20, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Dell PowerFlex Manager security update (version greater than 4.6.2) or apply the official patch supplied by Dell
  • Confirm that directory listing is disabled in the web server or application configuration for the PowerFlex Manager services
  • Restrict network access to the PowerFlex Manager interfaces and enforce strong authentication controls to limit exposure to trusted users

Generated by OpenCVE AI on May 20, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title PowerFlex Manager Directory Listing Information Disclosure Vulnerability

Wed, 20 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Weaknesses CWE-548
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-05-20T15:34:20.477Z

Reserved: 2025-04-10T05:03:51.740Z

Link: CVE-2025-32750

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T16:16:24.803

Modified: 2026-05-20T17:30:40.450

Link: CVE-2025-32750

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T16:30:14Z

Weaknesses