PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-32750 Dell CVE debrief

Published on 2026-05-20, CVE-2025-32750 affects Dell PowerFlex Manager versions 4.6.2 and earlier. NVD rates the issue HIGH with a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that an unauthenticated remote attacker could potentially obtain information exposed through directory listing.

Vendor: Dell
Product: PowerFlex Manager (Appliance)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-20
Original CVE updated: 2026-05-20
Advisory published: 2026-05-20
Advisory updated: 2026-05-20

Who should care

Dell PowerFlex Manager administrators, vulnerability management teams, and SOC/IR staff responsible for managing exposed or broadly reachable PowerFlex Manager deployments.

Technical summary

This issue is described as an exposure of information through directory listing (CWE-548) in Dell PowerFlex Manager. The supplied NVD data shows remote, unauthenticated attack conditions with high confidentiality impact and no integrity or availability impact. NVD currently lists the record as 'Awaiting Analysis.'

Defensive priority

High. The issue is remotely reachable, requires no authentication, and can expose sensitive information. Prioritize any PowerFlex Manager deployment at version 4.6.2 or earlier, especially if management interfaces are network-accessible.

Recommended defensive actions

  • Review Dell's security update advisories DSA-2025-434 and DSA-2025-435 and apply Dell-provided remediation for affected PowerFlex deployments.
  • Inventory PowerFlex Manager instances and confirm whether any are running version 4.6.2 or earlier; prioritize those systems for remediation.
  • Restrict network access to PowerFlex Manager management interfaces until the affected systems are updated.
  • Check for unintended directory browsing or exposed files on PowerFlex Manager endpoints and review access logs for suspicious unauthenticated requests.
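
For the access-log review in the last item, one possible triage pass is sketched below. It is an added example, not Dell or PatchSiren code. It assumes the appliance's web front end or an upstream proxy writes Apache/nginx "combined" format logs; the sample lines, paths and addresses are constructed for illustration and are not real PowerFlex Manager paths.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (assumed format; the
# paths and documentation-range addresses are illustrative only).
SAMPLE_LOG = """\
192.0.2.10 - - [20/May/2026:10:01:02 +0000] "GET /files/ HTTP/1.1" 200 4312 "-" "curl/8.5.0"
192.0.2.10 - - [20/May/2026:10:01:03 +0000] "GET /files/backup/ HTTP/1.1" 200 2877 "-" "curl/8.5.0"
192.0.2.10 - - [20/May/2026:10:01:05 +0000] "GET /files/backup/logs/ HTTP/1.1" 200 9120 "-" "curl/8.5.0"
198.51.100.7 - admin [20/May/2026:10:02:11 +0000] "GET /files/ HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.5 - - [20/May/2026:10:03:40 +0000] "GET /login HTTP/1.1" 200 1530 "-" "Mozilla/5.0"
203.0.113.5 - - [20/May/2026:10:03:41 +0000] "GET /private/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def directory_hits(log_text):
    """Map client IP -> sorted directory paths returned with 200 and no logged user.

    The user field only reflects HTTP authentication; sessions carried in
    cookies or tokens are not visible here, so treat "-" as a hint only.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        path = m["path"].split("?", 1)[0]  # ignore query strings
        if (m["method"] in ("GET", "HEAD") and m["user"] == "-"
                and m["status"] == "200" and path.endswith("/") and path != "/"):
            hits[m["ip"]].add(path)
    return {ip: sorted(paths) for ip, paths in hits.items()}

def flag_clients(log_text, min_dirs=2):
    """Clients that fetched min_dirs or more distinct directories: review candidates."""
    return {ip: p for ip, p in directory_hits(log_text).items() if len(p) >= min_dirs}

if __name__ == "__main__":
    for ip, paths in flag_clients(SAMPLE_LOG).items():
        print(ip, paths)
```

A 200 on a trailing-slash path does not prove a listing was served; each flagged path still needs to be checked against what the endpoint actually returns.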

Evidence notes

The supplied NVD record identifies CVE-2025-32750 as an information exposure issue with CWE-548 and CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The NVD vulnStatus is 'Awaiting Analysis.' Dell advisories referenced by NVD are DSA-2025-434 and DSA-2025-435. The corpus supports Dell as the vendor reference, but affected-version and remediation details should be confirmed directly in the vendor advisories.

Official resources

CVE published on 2026-05-20 and modified later the same day. No CISA KEV listing was provided in the supplied corpus.