CVE-2025-32748

Summary

Dell PowerFlex Manager, version(s) prior to 5.1.0.1, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.

Affected Software

VendorProductVersion RangeStatus
DellPowerFlex rack0 < 3.9.1.1 or lateraffected
DellPowerFlex rack0 < 3.8.4.1 or lateraffected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References