CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
Analysis (AI)
Information disclosure in Dell PowerFlex Manager (Appliance, Rack, and core Manager) versions 4.6.2 and earlier allows unauthenticated remote attackers to enumerate server contents through exposed directory listings. The flaw carries a CVSS 7.5 (high) rating driven entirely by confidentiality impact and requires no privileges or user interaction. No public exploit had been identified at the time of analysis, and the issue is not on the CISA KEV list.
Technical Context (AI)
Dell PowerFlex Manager is the management plane for Dell's software-defined storage and hyperconverged infrastructure stack (PowerFlex Appliance and PowerFlex Rack), providing lifecycle management, provisioning, and monitoring of compute and storage nodes. The root cause is CWE-548 (Exposure of Information Through Directory Listing), typically caused by a web server or application server (Apache, nginx, or an embedded Java container) configured to auto-generate index pages when no default document is present in a served directory. Per Dell's DSA-2025-434 and DSA-2025-435, this issue is bundled with multiple third-party component vulnerabilities, suggesting the directory listing is exposed by an underlying packaged web component rather than custom Dell application code.
Remediation (AI)
A patch is available per the vendor advisories: upgrade Dell PowerFlex Manager to a release later than 4.6.2 as specified in Dell DSA-2025-434 (Appliance, https://www.dell.com/support/kbdoc/en-us/000391392) and DSA-2025-435 (Rack, https://www.dell.com/support/kbdoc/en-us/000391568). The exact fixed build is not enumerated in the input data and should be confirmed against the live advisory.

Until the upgrade is applied, restrict network access to the PowerFlex Manager web interface so it is reachable only from a dedicated management VLAN or jump host. This is Dell's recommended deployment posture and prevents anonymous internet or general-LAN access; the trade-off is that any admin workflow currently relying on broader reachability (for example, browser access from a user subnet) will break and must be moved behind the jump host or VPN.

If a web application firewall fronts the management UI, add a rule to block requests to URIs that end in '/' and return auto-generated index pages, accepting the side effect that legitimate directory-browsing features (if any) will also be blocked.
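The WAF rule above and the auto-index pages described under Technical Context both hinge on recognising a server-generated directory listing in an HTTP response. The following is an added example (not code from Dell or from vuln.today) of the response-side check a defender would use in a WAF rule or in an audit of their own management interface; it assumes the bundled web component emits the index-page markup of Apache, nginx or Tomcat, since the advisory does not name the component, and the sample responses are constructed, not captured.

```python
import re
from html.parser import HTMLParser

# Title/heading signatures of common auto-index implementations (Apache
# mod_autoindex, nginx autoindex, Tomcat DefaultServlet). Assumption: the
# bundled component in PowerFlex Manager emits one of these; extend if not.
LISTING_PATTERNS = [
    re.compile(r"<(title|h1)>\s*Index of\s+/", re.I),               # Apache, nginx
    re.compile(r"<(title|h1)>\s*Directory Listing For\s+/", re.I),  # Tomcat
]

def is_directory_listing(status: int, headers: dict, body: str) -> bool:
    """True when a 200 text/html response carries an auto-generated index page."""
    if status != 200:
        return False
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not ctype.lower().startswith("text/html"):
        return False
    return any(p.search(body) for p in LISTING_PATTERNS)

class _HrefCollector(HTMLParser):
    """Collects href values of <a> tags in document order."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def exposed_entries(body: str) -> list:
    """Entry names an index page reveals, minus sort links and parent-directory
    links, so an audit report can record exactly what was exposed."""
    collector = _HrefCollector()
    collector.feed(body)
    return [h for h in collector.hrefs
            if not h.startswith(("?", "/", "#", "../"))]

# Constructed sample responses (not captured from any real system).
APACHE_SAMPLE = """<html><head><title>Index of /backups</title></head>
<body><h1>Index of /backups</h1><pre><a href="?C=N;O=D">Name</a>
<hr><a href="/">Parent Directory</a>
<a href="config.tar.gz">config.tar.gz</a>
<a href="logs/">logs/</a></pre></body></html>"""
NGINX_SAMPLE = """<html><head><title>Index of /static/</title></head>
<body><h1>Index of /static/</h1><hr><pre><a href="../">../</a>
<a href="app.js">app.js</a></pre><hr></body></html>"""
LOGIN_PAGE = """<html><head><title>Sign in</title></head><body>Sign in</body></html>"""
```

Feeding `is_directory_listing` the status, headers and body of each response to a trailing-slash URI gives the WAF decision; `exposed_entries` on a positive hit gives the list of names to record in the incident or audit report.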
Related identifiers: EUVD-2025-209907, GHSA-7pfj-h559-r483