DSA-2025-434: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities

Oversigt: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Denne artikel gælder for Denne artikel gælder ikke for Denne artikel er ikke knyttet til et bestemt produkt. Det er ikke alle produktversioner, der er identificeret i denne artikel.
Udforsk andre ressourcer

Virkning

Critical

Oplysninger

Third-party Component CVEs More Information
Dell PowerEdge Server BIOS CVE-2024-31068, CVE-2024-28047, CVE-2024-39279, CVE-2024-36293, CVE-2024-28956, CVE-2024-45332, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2024-36357, CVE-2024-36350, CVE-2024-36348, CVE-2024-33607, CVE-2025-20109, CVE-2025-20044, CVE-2024-56161, CVE-2024-25571, CVE-2024-37020, CVE-2024-21859, CVE-2024-31155 DSA-2024-381, DSA-2025-041, DSA-2025-156, DSA-2025-181, DSA-2025-324, DSA-2025-156, DSA-2025-040, DSA-2025-042
iDRAC CVE-2025-26482, CVE-2025-22397, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780, CVE-2025-26466 DSA-2025-046,DSA-2025-146, DSA-2025-145
VMware CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228, CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239, CVE-2025-41241, CVE-2025-41250 VMSA-2025-0010This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0013This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0014This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0016This hyperlink is taking you to a website outside of Dell Technologies.
Sudo CVE-2025-32463 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Embedded Service Enabler CVE-2025-0938, CVE-2025-31115, CVE-2024-35195, CVE-2022-40899, CVE-2024-7592, CVE-2024-2511, CVE-2024-37891, CVE-2023-32681, CVE-2024-47611, CVE-2024-6232, CVE-2020-22916, CVE-2024-3219, CVE-2024-6923, CVE-2024-6345, CVE-2023-7104, CVE-2025-26329, CVE-2024-39689 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Numpy CVE-2021-41495 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2025-21502 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2023-48795 https://nvd.nist.gov/vuln/search
Go CVE-2024-24790 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL CVE-2024-0985, CVE-2023-5869 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Redis CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
IntelAdapters CVE-2024-24852, CVE-2024-36274 DSA-2025-042
bundler CVE-2020-36327 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
cryptography CVE-2023-50782 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Docker CVE-2024-41110 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
GoFiber CVE-2024-38513 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
GoGo Protobuf CVE-2021-3121 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
pgproto3, pgx CVE-2024-27304 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2024-2961, CVE-2024-33599, CVE-2024-33600 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
golang.org/x/crypto CVE-2022-27191 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
java-17-openjdk CVE-2024-20918, CVE-2024-20932, CVE-2024-20952, CVE-2024-21147 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-core CVE-2024-10039, CVE-2023-6841 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-quarkus-server CVE-2024-10451 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-saml-core CVE-2024-8698 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-services CVE-2024-3656, CVE-2024-7341, CVE-2024-4540, CVE-2024-1132, CVE-2024-1249, CVE-2023-6291, CVE-2024-2419, CVE-2024-10270 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2024-26458, CVE-2024-26461, CVE-2024-26462, CVE-2024-37370 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2-2 CVE-2024-56171 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
nokogiri CVE-2025-24855, CVE-2024-55549 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
postgresql15 CVE-2025-1094 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
rexml CVE-2021-28965, CVE-2024-43398 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
go-grpc-compression CVE-2024-36129 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
stdlib CVE-2022-30632, CVE-2023-45288, CVE-2024-24791, CVE-2024-34156 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Keycloak CVE-2025-7962, CVE-2025-49574, CVE-2025-55163, CVE-2025-58057, CVE-2025-48924, CVE-2025-9162, CVE-2025-8419, CVE-2025-7784, CVE-2025-7365, CVE-2025-50106, CVE-2025-30749 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2025-46371 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32751 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32750   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32749   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32747   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32746   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32745   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2025-46371 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32751 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32750   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32749   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32747   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32746   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32745   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies anbefaler, at alle kunder tager hensyn til både CVSS-basisresultatet og alle relevante tidsmæssige og miljømæssige resultater, som kan have betydning for den potentielle alvorsgrad, der er forbundet med en bestemt sikkerhedsrisiko.

Berørte produkter og udbedring

Product Affected Versions Remediated Versions Link
PowerFlex Appliance Versions prior to IC 48.378.00 Version IC 48.378.00 IC release
PowerFlex Appliance Versions prior to IC 48.383.00 Version IC 48.383.00 IC release
Product Affected Versions Remediated Versions Link
PowerFlex Appliance Versions prior to IC 48.378.00 Version IC 48.378.00 IC release
PowerFlex Appliance Versions prior to IC 48.383.00 Version IC 48.383.00 IC release

Revisionshistorik

RevisionDateDescription
1.02025-11-13Initial Release
2.02025-11-17Updated CVE Identifier, Third Party Components: Added CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819
3.02025-11-24Updated CVE Identifier, Third Party Components: Added CVE-2024-24852, CVE-2024-36274
4.02025-11-26Added details for CVE-2025-41250
5.02025-12-11Update addressed 40 CVEs in Third Party Components
6.02026-01-20Updated CVE Identifier, Third Party Components: Added Keycloak 11 CVEs

Relaterede oplysninger

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Ansvarsfraskrivelse

Berørte produkter

PowerFlex Appliance, ScaleIO, PowerFlex appliance Intelligent Catalog Software
Artikelegenskaber
Artikelnummer: 000391392
Artikeltype: Dell Security Advisory
Senest ændret: 20 jan. 2026
Find svar på dine spørgsmål fra andre Dell-brugere
Supportservices
Kontrollér, om din enhed er dækket af supportservices.