CVE-2025-26483
Possible ATT&CK Techniques 1AI
T1566.002 · Spearphishing LinkAffected Version Matrix 5
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | PowerFlex Manager | ≤ 4.6.2 | affected |
| Dell | PowerFlex Manager (Appliance) | < IC 48.378.00 | affected |
< IC 48.383.00 | affected | ||
| Dell | PowerFlex Manager (Rack) | < 3.7.8.0 | affected |
< 3.8.3.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-26483
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Dell PowerFlex Manager, versions 4.6.2 and prior, contains an Open Redirect Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dell | PowerFlex Manager (Appliance) | 0 ~ IC 48.378.00 | - | |
| Dell | PowerFlex Manager (Rack) | 0 ~ 3.7.8.0 | - | |
| Dell | PowerFlex Manager | 0 ~ 4.6.2 | - |
II. Public POCs for CVE-2025-26483
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-26483
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-26483 (2)
Same Patch Batch · Dell · 2026-05-22 · 10 CVEs total
| CVE-2021-21508 | 6.7 MEDIUM | VxRail<7.0.200明文密码存储漏洞 |
| CVE-2022-34363 | 6.5 MEDIUM | Dell Unisphere v10.0.0.2前授权绕过漏洞 |
| CVE-2022-31231 | 5.9 MEDIUM | Dell ECS 3.5/3.6 IAM访问控制漏洞 |
| CVE-2025-32751 | 5.5 MEDIUM | Dell PowerFlex Manager<=4.6.2敏感信息不当地存储漏洞 |
| CVE-2025-32747 | 5.3 MEDIUM | Dell PowerFlex Manager <=4.6.2 特权提升漏洞 |
| CVE-2025-32749 | 5.3 MEDIUM | Dell PowerFlex Manager <=4.6.2 信息泄露漏洞 |
| CVE-2025-32745 | 4.2 MEDIUM | Dell PowerFlex Manager<=4.6.2证书验证缺陷 |
| CVE-2025-32746 | 4.0 MEDIUM | Dell PowerFlex Manager<=4.6.2敏感信息不安全存储漏洞 |
| CVE-2025-46371 | 3.6 LOW | Dell PowerFlex Manager<=4.6.2 加密算法漏洞 |
IV. Related Vulnerabilities
Same product: PowerFlex Manager (Appliance)
Same weakness: CWE-601
- CVE-2026-40295
Devise: Open Redirect via Unvalidated `request.referrer` in - CVE-2026-9245
Devolutions Server输入验证漏洞 - CVE-2026-7504
Org.keycloak/keycloak-services: open redirect when using wil - CVE-2025-65954
SimpleSAMLphp-casserver has an Open Redirect vulnerability - CVE-2026-42207
Magento LTS: Open Redirect via Unvalidated `uenc` Parameter
V. Comments for CVE-2025-26483
No comments yet