Dell PowerFlex Rack
CVE-2025-32748
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Network-accessible unauthenticated endpoint (AV:N/PR:N); redirect yields limited confidentiality exposure only (C:L); victim must follow the redirect (UI:R); no integrity or availability impact applies.
Primary rating from Vendor (dell).
CVSS Vector (vendor: dell): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Description (source: CVE.org)
Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.
Analysis (AI)
Host Header Injection in Dell PowerFlex Rack RCM 3.7 enables unauthenticated remote attackers to trigger open redirects by supplying a forged HTTP Host header, potentially redirecting victim users to attacker-controlled sites for phishing or credential harvesting. The CVSS 4.3 Medium score reflects the requirement for user interaction (UI:R) and the limited confidentiality impact, with no integrity or availability consequence. No public exploit code had been identified at the time of analysis, and the vulnerability has no CISA KEV listing.
Technical Context (AI)
Dell PowerFlex Rack is a hyperconverged infrastructure platform; the affected component is its Rack Configuration Manager (RCM) at version 3.7. CWE-601 (URL Redirection to Untrusted Site / Open Redirect) identifies the root cause: the RCM web interface incorporates the HTTP Host header, a client-controlled value, into server-generated redirect responses without adequate validation or allowlisting. When the application constructs redirect URLs (e.g., during login, logout, or password-reset flows) from the untrusted Host header, an attacker can substitute an arbitrary domain, causing the server to issue a 3xx redirect pointing to an attacker-controlled site. The CPE string cpe:2.3:a:dell:powerflex_rack:*:*:*:*:*:*:*:* uses a wildcard version field, indicating that NVD has not independently constrained the affected range beyond the vendor-stated RCM 3.7.
Remediation (AI)
Consult the Dell security advisory at https://www.dell.com/support/kbdoc/en-us/000059672/ifgroup-not-working-correctly-when-ip-range-is-used for the authoritative patch guidance; a specific fixed version number is not independently confirmed from the available input data, so the patch status is recorded as 'available per vendor advisory'. As a compensating control, restrict network access to the PowerFlex Rack RCM management interface using firewall rules or network segmentation so that only trusted administrative subnets can reach the web console; this greatly reduces an attacker's ability to deliver forged Host header requests to the server. Ensure administrative users access RCM only via bookmarked, internally distributed URLs rather than links received in email or chat, reducing susceptibility to redirect-based phishing. Where the platform supports it, configure a reverse proxy or load balancer to enforce a strict Host header allowlist, rejecting requests whose Host value does not match the authoritative management hostname.
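As an added example (constructed here, not Dell's RCM code) of the CWE-601 pattern described under Technical Context and the Host allowlist recommended under Remediation, the Python below shows a redirect Location built from the client-supplied Host header beside an allowlisted version; the hostnames in TRUSTED_HOSTS and the header dictionaries are assumed sample values.

```python
"""Constructed illustration (not Dell RCM code): a redirect Location derived
from the client-supplied Host header, beside an allowlisted variant of the
kind a reverse proxy or the application itself can enforce."""
from urllib.parse import urlsplit

# Assumed allowlist; the real management hostname is deployment-specific.
TRUSTED_HOSTS = {"rcm.mgmt.example.internal", "10.10.0.5"}


def vulnerable_location(headers: dict, path: str) -> str:
    """Vulnerable: the redirect authority is whatever the client claimed."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}{path}"


def hardened_location(headers: dict, path: str, trusted=TRUSTED_HOSTS):
    """Return a Location value whose authority is on the allowlist, or None
    when the request should be refused (e.g. HTTP 400) rather than redirected.

    X-Forwarded-Host is ignored (only a trusted proxy may set it); userinfo,
    path, query or fragment smuggled into Host is rejected; the hostname
    (lower-cased, port stripped) must be allowlisted; the port must parse;
    and only a local absolute path may be appended to the authority.
    """
    try:
        # "//" + Host lets urlsplit separate hostname, port and userinfo
        parts = urlsplit("//" + headers.get("Host", ""))
        port = parts.port
    except ValueError:  # malformed netloc (e.g. bad IPv6 bracket) or bad port
        return None
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None
    hostname = parts.hostname or ""  # already lower-cased by urlsplit
    if hostname not in trusted:
        return None
    if not path.startswith("/") or path.startswith("//"):
        return None  # "//host" would turn the path into a new authority
    authority = hostname if port is None else f"{hostname}:{port}"
    return f"https://{authority}{path}"
```

The same allowlist check belongs at the reverse proxy in front of the management interface, where a non-matching Host can be rejected before the request reaches the application.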