On October 24, 2025, Dell Technologies addressed three critical vulnerabilities in its Storage Manager software. These vulnerabilities could allow an attacker to bypass authentication, expose sensitive data, and gain unauthorized system access.
Vulnerability Overview
The Dell Storage Manager is affected by three vulnerabilities that can lead to complete system compromise.
- CVE-2025-43995: A critical improper authentication vulnerability within the DSM Data Collector component. An unauthenticated, remote attacker can exploit exposed APIs in the ApiProxy.war file within DataCollectorEar.ear by crafting a special SessionKey and UserId. These crafted credentials leverage internal Compellent Services API users, allowing complete bypass of authentication. This vulnerability has a CVSS score of 9.8.
- CVE-2025-43994: A high-severity missing authentication check for a critical function. An unauthenticated, remote attacker can access critical functions without authentication. This can lead to information disclosure and service disruption. This vulnerability has a CVSS score of 8.6.
- CVE-2025-46425: A medium-severity improper restriction of XML external entity references. A remote attacker with low privileges could exploit this vulnerability to read sensitive files. This vulnerability has a CVSS score of 6.5.
Affected Products
The vulnerabilities affect Dell Storage Manager versions prior to 2020 R1.21.
Impact
Successful exploitation of these vulnerabilities could have severe consequences:
- CVE-2025-43995: Complete system compromise, including confidentiality, integrity, and availability impacts. An attacker could gain unrestricted access to storage management functions, potentially exposing sensitive data, modifying configurations, or disrupting critical storage operations.
- CVE-2025-43994: Information disclosure, allowing attackers to extract configuration and operational data, potentially leading to broader network intrusions.
- CVE-2025-46425: Unauthorized access to sensitive files.
Tactics, Techniques, and Procedures (TTPs)
These vulnerabilities can be exploited remotely without any user interaction, which makes them highly attractive to threat actors.
- TA0001 – Initial Access: Exploiting external-facing systems to gain initial entry into the network.
- TA0002 – Execution: Running malicious code on the compromised system.
- TA0008 – Lateral Movement: Expanding the attack to other systems in the network.
- T1189 – Drive-by Compromise: Gaining access through a compromised website or application.
- T1203 – Exploitation for Client Execution: Tricking a user into executing malicious code.
- T1021 – Remote Services: Using legitimate remote access tools for malicious purposes.
Mitigation & Recommendations
Dell recommends that all customers take the following steps to mitigate the risk presented by these vulnerabilities:
- Evaluate the risk: Assess the risk by considering both base and environmental CVSS scores.
- Upgrade: Upgrade to Dell Storage Manager version 2020 R1.22 or later. This version addresses all three CVEs.
- Patching: Apply the necessary updates without delay.
Instantly Fix Risks with Saner Patch Management
Saner patch management is continuous, automated, and integrated patching software that instantly fixes risks exploited in the wild. It supports major operating systems such as Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.
