CVE-2025-36599

Published Jul 9, 2025

Last updated 3 months ago

CVSS medium 4.3

Overview

Description: Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.
Source: security_alert@emc.com
NVD status: Analyzed
Products: powerflex_manager

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security_alert@emc.com: CWE-532

Hype score: Not currently trending

CVE-2025-36599 Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remot… https://t.co/zPMfnKlJZv
@CVEnew
10 Jul 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:powerflex_manager:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "365B0B2C-5865-477C-938A-EC4CFFFF6E96",
            "versionEndExcluding": "4.6.2.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References