DSA-2025-434: Security Update for Dell PowerFlex Appliance Multiple Third-Party Component Vulnerabilities

Sommaire: Dell PowerFlex Appliance remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.

Cet article s’applique à Cet article ne s’applique pas à Cet article n’est lié à aucun produit spécifique. Toutes les versions de produits ne sont pas identifiées dans cet article.
Consulter d’autres ressources

Impact

Critical

Détails

Third-party Component CVEs More Information
Dell PowerEdge Server BIOS CVE-2024-31068, CVE-2024-28047, CVE-2024-39279, CVE-2024-36293, CVE-2024-28956, CVE-2024-45332, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2024-36357, CVE-2024-36350, CVE-2024-36348, CVE-2024-33607, CVE-2025-20109, CVE-2025-20044, CVE-2024-56161, CVE-2024-25571, CVE-2024-37020, CVE-2024-21859, CVE-2024-31155 DSA-2024-381, DSA-2025-041, DSA-2025-156, DSA-2025-181, DSA-2025-324, DSA-2025-156, DSA-2025-040, DSA-2025-042
iDRAC CVE-2025-26482, CVE-2025-22397, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780, CVE-2025-26466 DSA-2025-046,DSA-2025-146, DSA-2025-145
VMware CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228, CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239, CVE-2025-41241, CVE-2025-41250 VMSA-2025-0010This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0013This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0014This hyperlink is taking you to a website outside of Dell Technologies., VMSA-2025-0016This hyperlink is taking you to a website outside of Dell Technologies.
Sudo CVE-2025-32463 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Embedded Service Enabler CVE-2025-0938, CVE-2025-31115, CVE-2024-35195, CVE-2022-40899, CVE-2024-7592, CVE-2024-2511, CVE-2024-37891, CVE-2023-32681, CVE-2024-47611, CVE-2024-6232, CVE-2020-22916, CVE-2024-3219, CVE-2024-6923, CVE-2024-6345, CVE-2023-7104, CVE-2025-26329, CVE-2024-39689 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Numpy CVE-2021-41495 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenJDK CVE-2025-21502 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
OpenSSH CVE-2023-48795 https://nvd.nist.gov/vuln/search
Go CVE-2024-24790 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
PostgreSQL CVE-2024-0985, CVE-2023-5869 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Redis CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
IntelAdapters CVE-2024-24852, CVE-2024-36274 DSA-2025-042
bundler CVE-2020-36327 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
cryptography CVE-2023-50782 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
Docker CVE-2024-41110 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
GoFiber CVE-2024-38513 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
GoGo Protobuf CVE-2021-3121 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
pgproto3, pgx CVE-2024-27304 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
glibc CVE-2024-2961, CVE-2024-33599, CVE-2024-33600 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
golang.org/x/crypto CVE-2022-27191 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
java-17-openjdk CVE-2024-20918, CVE-2024-20932, CVE-2024-20952, CVE-2024-21147 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-core CVE-2024-10039, CVE-2023-6841 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-quarkus-server CVE-2024-10451 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-saml-core CVE-2024-8698 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
keycloak-services CVE-2024-3656, CVE-2024-7341, CVE-2024-4540, CVE-2024-1132, CVE-2024-1249, CVE-2023-6291, CVE-2024-2419, CVE-2024-10270 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
krb5 CVE-2024-26458, CVE-2024-26461, CVE-2024-26462, CVE-2024-37370 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
libxml2-2 CVE-2024-56171 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
nokogiri CVE-2025-24855, CVE-2024-55549 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
postgresql15 CVE-2025-1094 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
rexml CVE-2021-28965, CVE-2024-43398 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
go-grpc-compression CVE-2024-36129 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.
stdlib CVE-2022-30632, CVE-2023-45288, CVE-2024-24791, CVE-2024-34156 https://nvd.nist.gov/vuln/searchThis hyperlink is taking you to a website outside of Dell Technologies.

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2025-46371 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32751 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32750   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32749   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32747   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32746   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32745   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2025-46371 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32751 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32750   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32749   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32747   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32746   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-32745   Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering. 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.
CVE-2025-26483 Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NThis hyperlink is taking you to a website outside of Dell Technologies.

 

Dell Technologies recommande à tous ses clients de tenir compte à la fois du score de base CVSS et de tous les scores temporels et environnementaux pertinents qui pourraient avoir une incidence sur la gravité potentielle associée à une vulnérabilité de sécurité particulière.

Produits touchés et correction

Product Affected Versions Remediated Versions Link
PowerFlex Appliance Versions prior to IC 48.378.00 Version IC 48.378.00 IC release
PowerFlex Appliance Versions prior to IC 48.383.00 Version IC 48.383.00 IC release
Product Affected Versions Remediated Versions Link
PowerFlex Appliance Versions prior to IC 48.378.00 Version IC 48.378.00 IC release
PowerFlex Appliance Versions prior to IC 48.383.00 Version IC 48.383.00 IC release

Historique de révision

RevisionDateDescription
1.02025-11-13Initial Release
2.02025-11-17Updated CVE Identifier, Third Party Components: Added CVE-2025-49844, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819
3.02025-11-24Updated CVE Identifier, Third Party Components: Added CVE-2024-24852, CVE-2024-36274
4.02025-11-26Added details for CVE-2025-41250
5.02025-12-11Update addressed 40 CVEs in Third Party Components

Renseignements connexes

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Avis de non-responsabilité

Produits touchés

PowerFlex Appliance, ScaleIO, PowerFlex appliance Intelligent Catalog Software
Propriétés de l’article
Numéro d’article: 000391392
Type d’article: Dell Security Advisory
Dernière modification: 11 déc. 2025
Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell
Services de soutien
Vérifiez si votre appareil est couvert par les services de soutien.