CRITICAL · CVE-2025-43995 · CVSS 9.8

CVE-2025-43995: Authentication Bypass in Dell Storage Manager

Platform

dell

Component

dell-storage-manager

Fixed in

2020 R1.21

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2025-43995 describes an Improper Authentication vulnerability affecting Dell Storage Manager. This vulnerability allows an unauthenticated attacker with remote access to bypass protection mechanisms and potentially access sensitive APIs. The vulnerability impacts versions of Dell Storage Manager up to and including 2020 R1.21. A fix is available in version 2020 R1.21.

Impact and Attack Scenarios

The Improper Authentication vulnerability in Dell Storage Manager allows an unauthenticated, remote attacker to bypass protection mechanisms. Specifically, they can exploit the vulnerability to access APIs exposed by ApiProxy.war within the DataCollectorEar.ear component. This access is achieved by crafting a special SessionKey and UserId, leveraging pre-configured users created for specific purposes within the componentservicesapi. Successful exploitation could lead to unauthorized data access, modification, or deletion, potentially compromising the integrity and confidentiality of stored data. The ability to bypass authentication significantly expands the attack surface, allowing attackers to gain deeper access to the storage system without proper credentials.

Exploitation Context

CVE-2025-43995 was published on 2025-10-24. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation, but the CRITICAL CVSS score suggests a high probability of exploitation if the vulnerability is actively targeted. This vulnerability is not currently listed on the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.13% (32% percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: total

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 9.8 (CRITICAL)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: dell-storage-manager
Vendor: Dell
Affected range: N/A – 2020 R1.21
Fixed in: 2020 R1.21

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-43995 is to upgrade Dell Storage Manager to version 2020 R1.21 or later, which contains the fix for this vulnerability. If immediate upgrade is not feasible, consider implementing network segmentation to restrict remote access to the DataCollectorEar.ear component. Review and restrict access to the componentservicesapi to limit the potential impact of successful exploitation. Monitor API access logs for unusual activity, focusing on requests with suspicious SessionKeys or UserIDs. While a WAF may not directly prevent this authentication bypass, it can be configured to detect and block suspicious API requests based on known patterns.

How to fix

Update Dell Storage Manager to version 2020 R1.21 or later. This update addresses the improper authentication vulnerability and prevents unauthorized access to the APIs exposed by ApiProxy.war in DataCollectorEar.ear.

Frequently asked questions

What is CVE-2025-43995 — Improper Authentication in Dell Storage Manager?

CVE-2025-43995 is a CRITICAL vulnerability in Dell Storage Manager versions ≤2020 R1.21 that allows unauthenticated attackers to bypass protection mechanisms and access sensitive APIs.

Am I affected by CVE-2025-43995 in Dell Storage Manager?

If you are running Dell Storage Manager version 2020 R1.21 or earlier, you are potentially affected by this vulnerability. Assess your environment and upgrade as soon as possible.

How do I fix CVE-2025-43995 in Dell Storage Manager?

The recommended fix is to upgrade to version 2020 R1.21 or later. If upgrading is not immediately possible, implement network segmentation and restrict access to the DataCollectorEar.ear component.

Is CVE-2025-43995 being actively exploited?

Currently, there are no publicly known active exploits for CVE-2025-43995, but the CRITICAL severity warrants immediate attention and remediation.

Where can I find the official Dell advisory for CVE-2025-43995?

Refer to the official Dell Security Advisory for detailed information and remediation steps: https://www.dell.com/support/kbdoc/en-us/000242643/security-update-for-dell-storage-manager-authentication-bypass-vulnerability