CVE-2025-43995: CWE-287: Improper Authentication in Dell Dell Storage Manager
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These UserIds are special users created in compellentservicesapi for special purposes.
AI Analysis
Technical Summary
CVE-2025-43995 is an improper authentication vulnerability (CWE-287) identified in Dell Storage Manager (DSM) version 20.1.21. The flaw resides in the DSM Data Collector component, specifically in the APIs exposed by ApiProxy.war within the DataCollectorEar.ear package. An unauthenticated remote attacker can exploit this vulnerability by leveraging specially crafted SessionKey and UserId parameters. These UserIds correspond to special users created within the compellentservicesapi for specific internal purposes. By using these special credentials, the attacker can bypass authentication controls, effectively circumventing protection mechanisms designed to restrict access. This allows unauthorized access to sensitive management APIs, potentially leading to full compromise of the storage management system. The vulnerability is remotely exploitable without any authentication or user interaction, making it highly dangerous. The CVSS v3.1 score of 9.8 reflects the critical nature of this issue, with high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the severity and ease of exploitation make this a significant threat to organizations relying on Dell Storage Manager for storage infrastructure management.
Potential Impact
The impact of CVE-2025-43995 is severe for organizations using Dell Storage Manager, particularly those managing critical storage infrastructure. An attacker exploiting this vulnerability can gain unauthorized access to management APIs, potentially allowing them to manipulate storage configurations, access sensitive data, disrupt storage services, or deploy further attacks within the network. This can lead to data breaches, data loss, service outages, and compromise of business continuity. Given the critical role of storage management in enterprise IT environments, such unauthorized access can affect multiple systems and services dependent on the storage backend. The vulnerability’s remote and unauthenticated nature increases the risk of widespread exploitation, especially in environments where the DSM interfaces are exposed or insufficiently segmented. Organizations in sectors such as finance, healthcare, government, and large enterprises with extensive storage deployments are particularly at risk due to the sensitive nature of stored data and reliance on continuous availability.
Mitigation Recommendations
1. Immediately apply any patches or updates released by Dell addressing CVE-2025-43995 once available.
2. Until patches are available, restrict network access to the Dell Storage Manager Data Collector APIs by implementing strict firewall rules and network segmentation to limit exposure to trusted management networks only.
3. Monitor network traffic and logs for unusual access patterns or attempts to use special SessionKey and UserId values associated with this vulnerability.
4. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect exploitation attempts targeting the ApiProxy.war endpoints.
5. Review and harden access controls around the compellentservicesapi and related components, ensuring that special user accounts are tightly controlled and monitored.
6. Conduct regular security assessments and penetration testing focused on storage management interfaces to identify and remediate similar authentication weaknesses.
7. Educate IT and security teams about this vulnerability to ensure rapid response and mitigation in case of attempted exploitation.
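One way to carry out the log-monitoring and segmentation checks in recommendations 2 and 3, as an added example that is not part of the original advisory or any Dell tooling: it flags requests to the ApiProxy endpoints that arrive from outside the trusted management networks and counts how many of them succeeded. The log format (common/combined access log from a proxy in front of the Data Collector), the `/ApiProxy` path prefix, the CIDR ranges and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: management networks allowed to reach the Data Collector.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.16/28")]
# Assumption: ApiProxy.war is served under a path containing "/ApiProxy".
API_PATH = re.compile(r"/ApiProxy(/|\?|$)", re.IGNORECASE)
# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (not real traffic, paths are placeholders).
SAMPLE_LOG = """\
10.20.0.15 - - [24/Oct/2025:10:01:02 +0000] "POST /ApiProxy/api HTTP/1.1" 200 512
203.0.113.77 - - [24/Oct/2025:10:03:40 +0000] "POST /ApiProxy/api HTTP/1.1" 200 2048
203.0.113.77 - - [24/Oct/2025:10:03:41 +0000] "POST /ApiProxy/api HTTP/1.1" 401 120
198.51.100.9 - - [24/Oct/2025:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 900
not a log line
"""

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_untrusted_api_access(log_text):
    """Return {source_ip: {"total": n, "succeeded": n, "first_seen": ts}}."""
    findings = defaultdict(lambda: {"total": 0, "succeeded": 0, "first_seen": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        src, ts, _method, path, status = m.groups()
        if not API_PATH.search(path) or is_trusted(src):
            continue
        hit = findings[src]
        hit["total"] += 1
        hit["succeeded"] += status.startswith("2")  # 2xx from an untrusted source
        hit["first_seen"] = hit["first_seen"] or ts
    return dict(findings)

if __name__ == "__main__":
    for src, hit in find_untrusted_api_access(SAMPLE_LOG).items():
        print(src, hit)
```

Any source with a non-zero `succeeded` count reached the API from outside the management networks and received a successful response, which is the case to investigate first.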
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, Netherlands, India, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: dell
- Date Reserved: 2025-04-21T05:03:43.637Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68fb956d3b281b3632d6adf8
Added to database: 10/24/2025, 3:04:13 PM
Last enriched: 2/27/2026, 5:12:09 AM
Last updated: 3/25/2026, 5:47:49 AM