PatchSiren

CVE-2025-32748 Dell CVE debrief

CVE-2025-32748 is a medium-severity vulnerability in Dell PowerFlex rack, versions RCM 3.7/3.7. An unauthenticated attacker with remote access could potentially exploit this Host Header Injection vulnerability to trigger redirections. Organizations using affected versions should review and update their systems to mitigate potential risks. The CVSS score for this vulnerability is 4.3, indicating a medium severity level. Dell has provided a knowledge base article [ref-4] discussing related issues. The CVE was published on June 17, 2026, and last modified on the same day.

Vendor: Dell
Product: PowerFlex rack
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and security teams responsible for Dell PowerFlex rack systems, particularly those using versions RCM 3.7/3.7, should be aware of this vulnerability and take necessary precautions to prevent exploitation.

Technical summary

CVE-2025-32748 is classified as a Host Header Injection issue in Dell PowerFlex rack, versions RCM 3.7/3.7. It has a CVSS score of 4.3 with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N: reachable over the network, low attack complexity, no privileges required, user interaction required, and a low confidentiality impact with no integrity or availability impact. An unauthenticated attacker with remote access could potentially exploit it to trigger redirections. The associated weakness is CWE-601.

Defensive priority

Medium

Recommended defensive actions

  • Review and update Dell PowerFlex rack systems to ensure they are not using vulnerable versions RCM 3.7/3.7.
  • Implement proper input validation and sanitization for host headers.
  • Monitor systems for unusual redirection activity.
  • Restrict access to Dell PowerFlex rack systems to only necessary personnel.
  • Regularly review and apply security patches and updates provided by Dell.
  • Consider implementing a web application firewall (WAF) to detect and prevent exploitation attempts.
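
As an added illustration of the host-header validation recommended above (not code from Dell or from the CVE record), the Python sketch below puts a redirect that trusts the client's Host header next to one that checks it against an allowlist and builds the Location from fixed configuration. The hostname, allowed ports and function names are assumptions chosen for the example.

```python
import re

# Constructed values (assumptions): the host this management UI legitimately serves.
ALLOWED_HOSTS = {"mgmt.example.internal"}
ALLOWED_PORTS = {None, 443}
CANONICAL_ORIGIN = "https://mgmt.example.internal"

# hostname, optional trailing dot, optional :port; nothing else is accepted
_HOST_RE = re.compile(r"(?P<name>[a-z0-9.-]+?)\.?(?::(?P<port>\d{1,5}))?")


def host_is_trusted(host_header):
    """True only if the Host header names an allowlisted host and port."""
    if not host_header:
        return False
    m = _HOST_RE.fullmatch(host_header.strip().lower())
    if m is None:  # rejects userinfo (@), slashes, whitespace, CR/LF
        return False
    port = int(m.group("port")) if m.group("port") else None
    return m.group("name") in ALLOWED_HOSTS and port in ALLOWED_PORTS


def redirect_vulnerable(headers, path):
    """'Before': the Location reflects whatever Host the client sent."""
    return 302, "https://" + headers.get("Host", "") + path


def redirect_hardened(headers, path):
    """'After': refuse untrusted Host values; never echo the header back."""
    if not host_is_trusted(headers.get("Host")):
        return 400, None
    # Only same-site paths; "//host" and backslashes can escape the origin.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        path = "/"
    return 302, CANONICAL_ORIGIN + path


if __name__ == "__main__":
    for host in ("mgmt.example.internal", "untrusted.example"):
        hdrs = {"Host": host}
        print(host, redirect_vulnerable(hdrs, "/login"), redirect_hardened(hdrs, "/login"))
```

The same allowlist check can be enforced at a reverse proxy or WAF in front of the management interface when the application itself cannot be changed.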

Evidence notes

The information provided is based on data from official sources, including the CVE.org record [cve-org] and the NVD detail page [nvd]. A reference to a Dell support article [ref-4] is also available, discussing related issues. The vendor information is currently marked as 'Unknown Vendor' with low confidence, though there is evidence suggesting the vendor may be Dell.

Official resources

CVE-2025-32748 was published on June 17, 2026, and last modified on the same day.