DSA-2025-435: Security Update for Dell PowerFlex Rack Multiple Third-Party Component Vulnerabilities
Resumen: Dell PowerFlex Rack remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Impacto
Critical
Detalles
| Third-party Component | CVEs | More Information |
| Dell PowerEdge Server BIOS | CVE-2024-31068, CVE-2024-28047, CVE-2024-39279, CVE-2024-36293, CVE-2024-28956, CVE-2024-45332, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2024-36357, CVE-2024-36350, CVE-2024-36348, CVE-2024-33607, CVE-2025-20109, CVE-2025-20044, CVE-2024-56161, CVE-2024-25571, CVE-2024-37020, CVE-2024-21859, CVE-2024-31155 | DSA-2024-381, DSA-2025-041, DSA-2025-156, DSA-2025-181, DSA-2025-324, DSA-2025-156, DSA-2025-040, DSA-2025-042, https://nvd.nist.gov/vuln/search  |
| iDRAC | CVE-2025-26482, CVE-2025-22397, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780, CVE-2025-26466 | DSA-2025-046, DSA-2025-146, DSA-2025-145 |
| Cisco Switches | CVE-2025-20191, CVE-2025-20161, CVE-2025-20111 | https://nvd.nist.gov/vuln/search |
| VMware | CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228, CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239, CVE-2025-41241, CVE-2025-41250 | VMSA-2025-0010, VMSA-2025-0013, VMSA-2025-0014, VMSA-2025-0016 |
| Sudo | CVE-2025-32463 | https://nvd.nist.gov/vuln/search |
| Embedded Service Enabler | CVE-2025-0938, CVE-2025-31115, CVE-2024-35195, CVE-2022-40899, CVE-2024-7592, CVE-2024-2511, CVE-2024-37891, CVE-2023-32681, CVE-2024-47611, CVE-2024-6232, CVE-2020-22916, CVE-2024-3219, CVE-2024-6923, CVE-2024-6345, CVE-2023-7104, CVE-2025-26329, CVE-2024-39689 | https://nvd.nist.gov/vuln/search |
| Numpy | CVE-2021-41495 | https://nvd.nist.gov/vuln/search |
| OpenJDK | CVE-2025-21502 | https://nvd.nist.gov/vuln/search |
| OpenSSH | CVE-2023-48795 | https://nvd.nist.gov/vuln/search |
| Go | CVE-2024-24790 | https://nvd.nist.gov/vuln/search |
| PostgreSQL | CVE-2024-0985, CVE-2023-5869 | https://nvd.nist.gov/vuln/search |
| Redis | CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819 | https://nvd.nist.gov/vuln/search |
| IntelAdapters | CVE-2024-24852, CVE-2024-36274 | DSA-2025-042 |
| bundler | CVE-2020-36327 | https://nvd.nist.gov/vuln/search |
| cryptography | CVE-2023-50782 | https://nvd.nist.gov/vuln/search |
| Docker | CVE-2024-41110 | https://nvd.nist.gov/vuln/search |
| GoFiber | CVE-2024-38513 | https://nvd.nist.gov/vuln/search |
| GoGo Protobuf | CVE-2021-3121 | https://nvd.nist.gov/vuln/search |
| pgproto3, pgx | CVE-2024-27304 | https://nvd.nist.gov/vuln/search |
| glibc | CVE-2024-2961, CVE-2024-33599, CVE-2024-33600 | https://nvd.nist.gov/vuln/search |
| golang.org/x/crypto | CVE-2022-27191 | https://nvd.nist.gov/vuln/search |
| java-17-openjdk | CVE-2024-20918, CVE-2024-20932, CVE-2024-20952, CVE-2024-21147 | https://nvd.nist.gov/vuln/search |
| keycloak-core | CVE-2024-10039, CVE-2023-6841 | https://nvd.nist.gov/vuln/search |
| keycloak-quarkus-server | CVE-2024-10451 | https://nvd.nist.gov/vuln/search |
| keycloak-saml-core | CVE-2024-8698 | https://nvd.nist.gov/vuln/search |
| keycloak-services | CVE-2024-3656, CVE-2024-7341, CVE-2024-4540, CVE-2024-1132, CVE-2024-1249, CVE-2023-6291, CVE-2024-2419, CVE-2024-10270 | https://nvd.nist.gov/vuln/search |
| krb5 | CVE-2024-26458, CVE-2024-26461, CVE-2024-26462, CVE-2024-37370 | https://nvd.nist.gov/vuln/search |
| libxml2-2 | CVE-2024-56171 | https://nvd.nist.gov/vuln/search |
| nokogiri | CVE-2025-24855, CVE-2024-55549 | https://nvd.nist.gov/vuln/search |
| postgresql15 | CVE-2025-1094 | https://nvd.nist.gov/vuln/search |
| rexml | CVE-2021-28965, CVE-2024-43398 | https://nvd.nist.gov/vuln/search |
| go-grpc-compression | CVE-2024-36129 | https://nvd.nist.gov/vuln/search |
| stdlib | CVE-2022-30632, CVE-2023-45288, CVE-2024-24791, CVE-2024-34156 | https://nvd.nist.gov/vuln/search |
| Keycloak | CVE-2025-7962, CVE-2025-49574, CVE-2025-55163, CVE-2025-58057, CVE-2025-48924, CVE-2025-9162, CVE-2025-8419, CVE-2025-7784, CVE-2025-7365, CVE-2025-50106, CVE-2025-30749 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46371 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2025-32751 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2025-32750 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2025-32749 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-32747 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-32746 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2025-32745 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. | 4.2 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
| CVE-2025-26483 | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46371 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | 3.6 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
| CVE-2025-32751 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE-2025-32750 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| CVE-2025-32749 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-32747 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-32746 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | 4.0 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVE-2025-32745 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. | 4.2 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
| CVE-2025-26483 | Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Corrección y productos afectados
| Product | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | Versions prior to 3.7.8.0 | Version 3.7.8.0 | RCM release |
| PowerFlex Rack | Versions prior to 3.8.3.0 | Version 3.8.3.0 | RCM release |
| Product | Affected Versions | Remediated Versions | Link |
| PowerFlex rack | Versions prior to 3.7.8.0 | Version 3.7.8.0 | RCM release |
| PowerFlex Rack | Versions prior to 3.8.3.0 | Version 3.8.3.0 | RCM release |
In the case of manual upgrade for PowerFlex rack, please see this link: https://www.dell.com/support/home/en-us/product-support/product/powerflex-rack-rcm-sw/drivers
Historial de revisiones
| Revision | Date | Description |
| 1.0 | 2025-11-13 | Initial Release |
| 2.0 | 2025-11-17 | Updated CVE Identifier, Third Party Components: Added CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819 |
| 3.0 | 2025-11-24 | Updated CVE Identifier, Third Party Components: Added CVE-2024-24852, CVE-2024-36274 |
| 4.0 | 2025-11-26 | Added details for CVE-2025-41250 |
| 5.0 | 2025-12-11 | Update addressed 40 CVEs in Third Party Components |
| 6.0 | 2026-01-20 | Updated CVE Identifier, Third Party Components: Added Keycloak 11 CVEs |
Información relacionada
Descargo de responsabilidad
Productos afectados
PowerFlex rack, PowerFlex rack RCM SoftwarePropiedades del artículo
Número del artículo: 000391568
Tipo de artículo: Dell Security Advisory
Última modificación: 20 ene 2026
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.