CVE-2025-32751 Overview
CVE-2025-32751 affects Dell PowerFlex Manager versions 4.6.2 and earlier. The flaw is an Insecure Storage of Sensitive Information weakness classified under [CWE-922]. A low-privileged attacker with local access to an affected system can read sensitive data that should be protected, leading to unauthorized information disclosure.
The vulnerability extends to Dell PowerFlex Appliance Intelligent Catalog and Dell PowerFlex Rack deployments that bundle the affected manager component. Dell published advisories DSA-2025-434 and DSA-2025-435 to address the issue across these product lines.
Critical Impact
A local, low-privileged attacker can access sensitive information stored insecurely by PowerFlex Manager, compromising the confidentiality of credentials or configuration data used to manage storage infrastructure.
Affected Products
- Dell PowerFlex Manager versions <=4.6.2
- Dell PowerFlex Appliance Intelligent Catalog
- Dell PowerFlex Rack
Discovery Timeline
- 2026-05-22 - CVE-2025-32751 published to NVD
- 2026-05-22 - Last updated in NVD database
Technical Details for CVE-2025-32751
Vulnerability Analysis
The vulnerability stems from how Dell PowerFlex Manager stores sensitive information on the underlying host. The weakness maps to [CWE-922] Insecure Storage of Sensitive Information, meaning the application places confidential data in a location accessible to actors who should not have access. The data is not adequately protected through encryption, restrictive filesystem permissions, or secure secret management.
PowerFlex Manager orchestrates storage and infrastructure operations across PowerFlex Appliance and PowerFlex Rack platforms. The component handles credentials, tokens, or configuration material required to manage hyperconverged infrastructure. When such data is stored insecurely, any local user account on the management host inherits the ability to read it.
Exploitation requires only local access and low privileges. No user interaction is needed, and confidentiality impact is high while integrity and availability remain unaffected.
Root Cause
The root cause is improper protection of stored secrets within the PowerFlex Manager software. Sensitive material is written to a location readable by accounts that do not require it, or stored without adequate cryptographic protection. The CWE-922 classification indicates the storage mechanism itself, rather than a flaw in authentication or transport, is responsible for the exposure.
Attack Vector
An attacker first obtains a low-privileged local account on the system hosting PowerFlex Manager. This could occur through compromised operator credentials, lateral movement from another internal system, or misuse of legitimate administrative access. Once local, the attacker reads the insecurely stored data from disk. The retrieved information can include credentials reusable for privilege escalation or movement into managed PowerFlex storage nodes.
No verified public proof-of-concept exists for CVE-2025-32751. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, and no in-the-wild exploitation has been confirmed. Refer to the Dell Security Update DSA-2025-434 advisory for vendor-specific technical context.
Detection Methods for CVE-2025-32751
Indicators of Compromise
- Unexpected read access to PowerFlex Manager configuration files, credential stores, or log directories by non-administrative local accounts.
- New or unusual outbound authentication attempts against PowerFlex nodes originating from accounts that previously had no management role.
- Local shell sessions on the PowerFlex Manager host performing file enumeration in application data directories.
Detection Strategies
- Audit filesystem permissions on PowerFlex Manager installation paths and flag any world-readable or group-readable files containing secrets.
- Monitor process and file access telemetry on the management host for low-privileged users reading sensitive PowerFlex directories.
- Correlate local account activity on the PowerFlex Manager host with subsequent authentication events to managed storage components.
Monitoring Recommendations
- Forward operating system audit logs from the PowerFlex Manager host to a centralized analytics platform for behavioral baselining.
- Alert on credential reuse patterns where PowerFlex service accounts authenticate from unexpected source systems.
- Track changes to file ownership or access control lists within PowerFlex Manager directories.
How to Mitigate CVE-2025-32751
Immediate Actions Required
- Apply the security updates referenced in Dell advisories DSA-2025-434 and DSA-2025-435 to upgrade PowerFlex Manager beyond version 4.6.2.
- Inventory all PowerFlex Appliance and PowerFlex Rack deployments to identify systems running affected versions.
- Rotate any credentials, API keys, or service account passwords that PowerFlex Manager may have stored on disk prior to patching.
Patch Information
Dell has released fixed software through the following advisories. Review and apply the updates that match your deployment:
- Dell Security Update DSA-2025-434 for PowerFlex Appliance and Intelligent Catalog.
- Dell Security Update DSA-2025-435 for PowerFlex Rack.
Workarounds
- Restrict local interactive and SSH access to PowerFlex Manager hosts to a minimal set of administrative accounts.
- Enforce least-privilege filesystem permissions on PowerFlex Manager directories until the patch is applied.
- Place the PowerFlex Manager host on a segmented management network with strict access control list enforcement.
- Increase audit logging verbosity on the management host to detect unauthorized read attempts against sensitive directories.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
