

Severity
High
Analysis Summary
Dell Technologies has disclosed three critical vulnerabilities in its Storage Manager (DSM) software that expose organizations to severe security risks, including authentication bypass, information disclosure, and unauthorized system access. Announced on October 24, 2025, the flaws affect DSM versions up to 20.1.21 and are rated between medium and high on the CVSS scale. These vulnerabilities highlight persistent weaknesses in management interfaces that could be exploited remotely without user interaction, making them highly attractive to attackers seeking entry into enterprise storage environments.
The most severe flaw, CVE-2025-43995, rated (Critical), lies in the DSM Data Collector component and stems from improper authentication handling. Attackers can exploit exposed APIs in the ApiProxy.war file within DataCollectorEar.ear by crafting special SessionKey and UserId values, leveraging internal service accounts created within the Compellent Services API. This allows complete authentication bypass, granting attackers full control over the system, including confidentiality, integrity, and availability impacts, effectively enabling remote system compromise without credentials.
The second vulnerability, CVE-2025-43994, rated (High), results from a missing authentication check in DSM version 20.1.21. It allows unauthenticated attackers to trigger information disclosure and disrupt service availability through low-complexity remote attacks. By exploiting this flaw, adversaries could extract sensitive configuration and operational data, potentially mapping out the storage network for follow-up lateral movement or privilege escalation. Meanwhile, CVE-2025-46425, rated 6.5 (Medium), involves an XML External Entity (XXE) reference flaw in DSM version 20.1.20, enabling attackers with low privileges to read sensitive files by abusing untrusted XML inputs, posing a significant confidentiality risk.
Dell has urged all users to update to Storage Manager version 2020 R1.22 or later, which addresses these vulnerabilities. The company emphasized that customers should consider both base and environmental CVSS scores when assessing their exposure. While no active exploitation has been observed, the remote nature of these vulnerabilities and their potential impact demand immediate remediation. The flaws were discovered by a researcher (CVE-2025-43994 and CVE-2025-43995) and an independent researcher (CVE-2025-46425). These findings reinforce the need for enterprises to strengthen authentication mechanisms, enforce least-privilege access, and conduct regular vulnerability scanning to protect storage infrastructure from potential exploitation.
Impact
- Information Disclosure
- Security Bypass
- Unauthorized Access
Indicators of Compromise
CVE
- CVE-2025-43995
- CVE-2025-43994
- CVE-2025-46425
Affected Vendors
- Dell
Remediation
- Update immediately to Dell Storage Manager version 2020 R1.22 or later, which patches all three vulnerabilities (CVE-2025-43995, CVE-2025-43994, CVE-2025-46425).
- Restrict remote access to the DSM management interface and exposed APIs (such as ApiProxy.war) to trusted network segments only.
- Implement strong authentication controls, and disable or monitor internal service accounts created by the Compellent Services API.
- Conduct vulnerability scans to ensure older or unpatched DSM versions are not deployed in production environments.
- Apply the principle of least privilege (PoLP) for all users and API accounts interacting with DSM.
- Monitor network logs for abnormal access attempts to the DSM Data Collector component, particularly those involving unusual SessionKey or UserId parameters.
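The XXE flaw (CVE-2025-46425) comes down to an XML parser that honours DTD constructs in untrusted input. The loader below, an added example written for this advisory and not Dell's code, shows the fail-closed pattern a defender wants in any service that accepts XML: reject a document at the first DOCTYPE, entity declaration or external reference, before the parser has a chance to resolve anything. It uses only the Python standard library; the sample documents, element names and the placeholder file path are constructed for illustration.

```python
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET


class UnsafeXML(ValueError):
    """Document carries a DOCTYPE, entity declaration or external reference."""


def check_untrusted_xml(data: bytes) -> None:
    """Pre-scan with expat and fail closed on any DTD construct: expat calls these
    handlers before expanding anything, and raising inside one aborts the parse."""
    parser = expat.ParserCreate()

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE {name!r} not allowed in untrusted input")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration {name!r} not allowed")

    def forbid_external_ref(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference to {sysid!r} not allowed")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external_ref
    parser.Parse(data, True)


def load_untrusted_xml(data: bytes) -> ET.Element:
    """Parse with ElementTree only after the pre-scan accepted the document."""
    check_untrusted_xml(data)
    return ET.fromstring(data)


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for a candidate document."""
    try:
        load_untrusted_xml(data)
        return "accepted"
    except UnsafeXML as exc:
        return f"rejected: {exc}"


# Constructed samples (not DSM file formats): a harmless document and one carrying an
# external entity declaration with a placeholder path, refused at the DOCTYPE itself.
BENIGN = b"<settings><collector>dc-01</collector></settings>"
XXE_PROBE = (b'<!DOCTYPE settings [<!ENTITY leak SYSTEM "file:///PLACEHOLDER/secret">]>'
             b"<settings><collector>&leak;</collector></settings>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe_probe", XXE_PROBE)):
        print(label, "->", classify(doc))
```

The same rejection covers internal-entity expansion attacks (entity bombs), since those also require a DOCTYPE; a Java service such as DSM would apply the equivalent by disallowing DOCTYPE declarations on its parser factory.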