DSA-2025-434: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities

Zusammenfassung: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Auswirkungen

Critical

Details

Third-party Component CVEs More Information
Dell PowerEdge Server BIOS CVE-2024-31068, CVE-2024-28047, CVE-2024-39279, CVE-2024-36293, CVE-2024-28956, CVE-2024-45332, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2024-36357, CVE-2024-36350, CVE-2024-36348, CVE-2024-33607, CVE-2025-20109, CVE-2025-20044, CVE-2024-56161, CVE-2024-25571, CVE-2024-37020, CVE-2024-21859, CVE-2024-31155 DSA-2024-381, DSA-2025-041, DSA-2025-156, DSA-2025-181, DSA-2025-324, DSA-2025-156, DSA-2025-040, DSA-2025-042
iDRAC CVE-2025-26482, CVE-2025-22397, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780, CVE-2025-26466 DSA-2025-046,DSA-2025-146, DSA-2025-145
VMware CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228, CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239, CVE-2025-41241, CVE-2025-41250 VMSA-2025-0010This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0013This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0014This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0016This hyperlink is taking you to a website outside of Dell Technologies.
Sudo CVE-2025-32463 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Embedded Service Enabler CVE-2025-0938, CVE-2025-31115, CVE-2024-35195, CVE-2022-40899, CVE-2024-7592, CVE-2024-2511, CVE-2024-37891, CVE-2023-32681, CVE-2024-47611, CVE-2024-6232, CVE-2020-22916, CVE-2024-3219, CVE-2024-6923, CVE-2024-6345, CVE-2023-7104, CVE-2025-26329, CVE-2024-39689 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Numpy CVE-2021-41495 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2025-21502 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2023-48795 https://nvd.nist.gov/vuln/search
Go CVE-2024-24790 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL CVE-2024-0985, CVE-2023-5869 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Redis CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
IntelAdapters CVE-2024-24852, CVE-2024-36274 DSA-2025-042
bundler CVE-2020-36327 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
cryptography CVE-2023-50782 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Docker CVE-2024-41110 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
GoFiber CVE-2024-38513 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
GoGo Protobuf CVE-2021-3121 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
pgproto3, pgx CVE-2024-27304 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2024-2961, CVE-2024-33599, CVE-2024-33600 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
golang.org/x/crypto CVE-2022-27191 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
java-17-openjdk CVE-2024-20918, CVE-2024-20932, CVE-2024-20952, CVE-2024-21147 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-core CVE-2024-10039, CVE-2023-6841 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-quarkus-server CVE-2024-10451 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-saml-core CVE-2024-8698 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-services CVE-2024-3656, CVE-2024-7341, CVE-2024-4540, CVE-2024-1132, CVE-2024-1249, CVE-2023-6291, CVE-2024-2419, CVE-2024-10270 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2024-26458, CVE-2024-26461, CVE-2024-26462, CVE-2024-37370 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2-2 CVE-2024-56171 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
nokogiri CVE-2025-24855, CVE-2024-55549 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
postgresql15 CVE-2025-1094 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
rexml CVE-2021-28965, CVE-2024-43398 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
go-grpc-compression CVE-2024-36129 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
stdlib CVE-2022-30632, CVE-2023-45288, CVE-2024-24791, CVE-2024-34156 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2025-46371 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32751 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32750   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32749   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32747   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32746   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32745   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2025-46371 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32751 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32750   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32749   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32747   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32746   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32745   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies empfiehlt allen Kunden, sowohl die CVSS-Gesamtbewertung als auch alle relevanten zeitlichen und umweltbezogenen Bewertungen zu berücksichtigen, die sich auf den potenziellen Schweregrad einer bestimmten Sicherheitsschwachstelle auswirken können.

Betroffene Produkte und Korrektur

Product Affected Versions Remediated Versions Link
PowerFlex Appliance Versions prior to IC 48.378.00 Version IC 48.378.00 IC release
PowerFlex Appliance Versions prior to IC 48.383.00 Version IC 48.383.00 IC release
Product Affected Versions Remediated Versions Link
PowerFlex Appliance Versions prior to IC 48.378.00 Version IC 48.378.00 IC release
PowerFlex Appliance Versions prior to IC 48.383.00 Version IC 48.383.00 IC release

Revisionsverlauf

RevisionDateDescription
1.02025-11-13Initial Release
2.02025-11-17Updated CVE Identifier, Third Party Components: Added CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819
3.02025-11-24Updated CVE Identifier, Third Party Components: Added CVE-2024-24852, CVE-2024-36274
4.02025-11-26Added details for CVE-2025-41250
5.02025-12-11Update addressed 40 CVEs in Third Party Components

Zugehörige Informationen

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Rechtlicher Hinweis

Betroffene Produkte

PowerFlex Appliance, ScaleIO, PowerFlex appliance Intelligent Catalog Software
Artikeleigenschaften
Artikelnummer: 000391392
Artikeltyp: Dell Security Advisory
Zuletzt geändert: 11 Dez. 2025
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.