CVE-2025-43995
Published: 24 October 2025
Summary
CVE-2025-43995 is a critical-severity Improper Authentication (CWE-287) vulnerability in Dell Storage Manager. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, and correction of the improper authentication flaw in Dell Storage Manager as described in CVE-2025-43995 and the vendor advisory.
Ensures proper management of authenticators such as the special SessionKey exploited by unauthenticated attackers to bypass authentication in the DSM Data Collector APIs.
Mandates management of special UserId accounts created in compellentservicesapi, including monitoring, restriction, and disablement to prevent their exploitation for authentication bypass.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2025-43995 enables unauthenticated remote exploitation of exposed APIs via authentication bypass, directly facilitating T1190: Exploit Public-Facing Application.
NVD Description
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker…
more
can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.
Deeper analysisAI
CVE-2025-43995 is an Improper Authentication vulnerability (CWE-287) affecting Dell Storage Manager version 20.1.21 within Dell Storage Center. The issue resides in the DSM Data Collector component, specifically APIs exposed by ApiProxy.war in DataCollectorEar.ear. It allows authentication bypass through the use of a special SessionKey and UserId associated with special users created in compellentservicesapi for particular purposes. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high confidentiality, integrity, and availability impacts.
An unauthenticated attacker with remote network access can exploit this vulnerability by leveraging the special SessionKey and UserId to bypass authentication protections and gain unauthorized access to the exposed APIs. Successful exploitation leads to a protection mechanism bypass, potentially enabling full compromise of the affected system.
Dell's security advisory DSA-2025-393, detailed at https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities, provides information on the security update addressing this and related vulnerabilities in Dell Storage Manager.
Details
- CWE(s)