Dell PowerFlex Manager: Directory Listing Vulnerability Exposes Information
The National Vulnerability Database has disclosed CVE-2025-32750, a high-severity (CVSS 7.5) Exposure of Information Through Directory Listing vulnerability in Dell PowerFlex Manager, specifically versions 4.6.2 and earlier. This flaw allows an unauthenticated attacker with remote network access to potentially exploit the system, leading directly to information exposure.
This isn’t just about seeing file names. Directory listings can reveal critical system architecture, proprietary application paths, sensitive configuration files, and even backup locations. For an attacker, this is reconnaissance gold — providing direct insights into potential weak points for further exploitation, lateral movement, or data exfiltration.
Organizations running Dell PowerFlex Manager must prioritize patching immediately. This is a straightforward fix for Dell, but a critical vector for attackers. Defenders need to ensure that web servers and applications do not permit directory listings by default, and this incident underscores why that’s a baseline security control that often gets overlooked in complex infrastructure.
What This Means For You
- If your organization uses Dell PowerFlex Manager, specifically versions 4.6.2 or older, you are directly exposed to unauthenticated information disclosure. Prioritize patching this CVE immediately. Audit your web server configurations to ensure directory listings are disabled across all public-facing and internal assets.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-32750 - Dell PowerFlex Manager Directory Listing
title: CVE-2025-32750 - Dell PowerFlex Manager Directory Listing
id: scw-2026-05-20-ai-1
status: experimental
level: high
description: |
Detects attempts to exploit the directory listing vulnerability (CVE-2025-32750) in Dell PowerFlex Manager by looking for GET requests containing '../' in the URI, which is indicative of directory traversal attempts. A successful exploitation typically results in a 200 status code.
author: SCW Feed Engine (AI-generated)
date: 2026-05-20
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-32750/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/../'
cs-method:
- 'GET'
sc-status:
- '200'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-32750 | Information Disclosure | Dell PowerFlex Manager |
| CVE-2025-32750 | Information Disclosure | Dell PowerFlex Manager version(s) <=4.6.2 |
| CVE-2025-32750 | Information Disclosure | Exposure of Information Through Directory Listing |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 20, 2026 at 19:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-20240 — Denial of Service
CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...
Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data
CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...