CVE-2025-32750 Overview
CVE-2025-32750 is an information disclosure vulnerability affecting Dell PowerFlex Manager versions 4.6.2 and earlier. The flaw stems from an exposure of information through directory listing [CWE-548]. An unauthenticated remote attacker can browse exposed directory contents over the network without user interaction. Successful exploitation discloses sensitive file and resource information that supports follow-on reconnaissance and targeted attacks. Dell published mitigation guidance through advisories DSA-2025-434 and DSA-2025-435 covering PowerFlex Appliance and PowerFlex Rack deployments.
Critical Impact
Unauthenticated network attackers can enumerate directory contents on Dell PowerFlex Manager, exposing file structure and resource information useful for further attack staging.
Affected Products
- Dell PowerFlex Manager versions <= 4.6.2
- Dell PowerFlex Appliance (per DSA-2025-434)
- Dell PowerFlex Rack (per DSA-2025-435)
Discovery Timeline
- 2026-05-20 - CVE-2025-32750 published to NVD
- 2026-05-20 - Last updated in NVD database
Technical Details for CVE-2025-32750
Vulnerability Analysis
The vulnerability resides in the Dell PowerFlex Manager web interface, which serves directory listings to unauthenticated clients. When a remote client requests a directory path without an index file, the application returns the contents of that directory rather than denying access. This behavior exposes filenames, paths, and resource structure that should remain internal to the management platform.
The weakness is classified under [CWE-548] (Exposure of Information Through Directory Listing). It does not directly allow code execution or modification of data. However, the disclosed metadata enables an attacker to map the management application, identify backup files, locate configuration artifacts, and target additional weaknesses with greater precision.
The attack vector is network-based and requires no privileges or user interaction. PowerFlex Manager is typically deployed in data center environments to manage hyperconverged infrastructure, so the disclosed information can include details about storage nodes, cluster configuration, and management workflows.
Root Cause
The root cause is a missing access control on directory index responses within the PowerFlex Manager web server configuration. The server returns automatically generated directory listings instead of restricting browsing of resource paths that lack a default document.
Attack Vector
An attacker reaches the management interface over the network and issues HTTP requests to directory paths exposed by PowerFlex Manager. The server responds with file and folder names, allowing the attacker to enumerate the application surface. The vulnerability requires no credentials, no user interaction, and no prior access to the cluster.
No public proof-of-concept code is currently available. Refer to the Dell Security Update DSA-2025-434 and Dell Security Update DSA-2025-435 for vendor technical details.
Detection Methods for CVE-2025-32750
Indicators of Compromise
- Unauthenticated HTTP GET requests to directory paths on PowerFlex Manager that return HTML index pages instead of 403 or 404 responses.
- Repeated requests from a single source enumerating sequential or common directory names against the management interface.
- Web server access logs showing directory listing responses (Index of /) served to external or unexpected IP addresses.
Detection Strategies
- Review PowerFlex Manager web server access logs for response bodies or status codes consistent with directory index generation.
- Compare current HTTP responses to a known-good baseline of the management interface to identify exposed paths.
- Inspect network telemetry for reconnaissance patterns targeting the PowerFlex Manager hostname on management VLANs.
Monitoring Recommendations
- Forward PowerFlex Manager web and audit logs to a centralized SIEM for correlation and long-term retention.
- Alert on anomalous unauthenticated access volume to the management interface from unexpected network segments.
- Monitor for outbound reconnaissance follow-on activity, such as targeted requests to filenames previously enumerated through directory listings.
How to Mitigate CVE-2025-32750
Immediate Actions Required
- Apply the fixed PowerFlex Manager release referenced in Dell advisories DSA-2025-434 and DSA-2025-435 as soon as it is available for your deployment model.
- Restrict network access to the PowerFlex Manager interface to authorized administrative networks and jump hosts only.
- Review web server access logs for prior unauthenticated directory listing requests and assess what information may have been exposed.
Patch Information
Dell has released security updates addressing CVE-2025-32750 in PowerFlex Manager. Customers should consult the Dell Security Update DSA-2025-434 for PowerFlex Appliance and the Dell Security Update DSA-2025-435 for PowerFlex Rack to obtain the fixed versions and follow Dell's documented upgrade procedure.
Workarounds
- Place PowerFlex Manager behind a reverse proxy or firewall rule set that blocks unauthenticated access to directory paths.
- Disable automatic directory indexing on the web server hosting PowerFlex Manager where configuration permits.
- Enforce network segmentation so only management workstations on a dedicated VLAN can reach the PowerFlex Manager interface.
# Example: restrict access to PowerFlex Manager to a management subnet using iptables
iptables -A INPUT -p tcp --dport 443 -s 10.10.20.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
