CVE-2025-32748: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in Dell PowerFlex rack
Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to trigger redirections.
AI Analysis
Technical Summary
CVE-2025-32748 is a Host Header Injection vulnerability in Dell PowerFlex rack RCM 3.7. An unauthenticated remote attacker can exploit it to trigger redirections, the open redirect behavior classified as CWE-601 (URL Redirection to Untrusted Site). The CVSS v3.1 base score is 4.3 (medium severity): network attack vector, low attack complexity, no privileges required, and user interaction required. No official fix or remediation level has been published by Dell as of the current data.
Potential Impact
An unauthenticated attacker with remote network access could exploit this vulnerability to redirect users to potentially malicious or untrusted websites. This could facilitate phishing or social engineering attacks by misleading users through crafted URLs. The confidentiality impact is low, with no integrity or availability impacts reported. There are no known active exploits in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should be cautious of unexpected redirects when interacting with Dell PowerFlex rack interfaces. Monitoring for updates from Dell is recommended.
CVSS v3.1
Score: 4.3 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: dell
- Date Reserved: 2025-04-10T05:03:51.740Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a32cb1b9f87a2db09260e29
Added to database: 6/17/2026, 4:28:11 PM
Last enriched: 6/17/2026, 4:43:33 PM
Last updated: 6/17/2026, 6:22:53 PM