PT-2025-43623 · Dell · Dell Storage Manager

Published 2025-10-24 · Updated 2025-10-27 · CVE-2025-43995

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Dell Storage Manager versions 20.1.21

Description: An improper authentication issue exists in Dell Storage Manager that could allow an unauthenticated remote attacker to bypass protection mechanisms. Specifically, an attacker can access APIs exposed by ApiProxy.war within DataCollectorEar.ear by utilizing a specific SessionKey and UserId. These UserId values are associated with special users created within compellentservicesapi for specific purposes.

Recommendations: Update Dell Storage Manager to a version that addresses this authentication bypass. As a temporary workaround, restrict access to the ApiProxy.war component within DataCollectorEar.ear to minimize the risk of exploitation.

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2025-43995

Affected Products: Dell Storage Manager