Cyber Resilience

CVE-2025-43995

Critical

Published: 24 October 2025

Published
24 October 2025
Modified
04 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-43995 is a critical-severity Improper Authentication (CWE-287) vulnerability in Dell Storage Manager. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-43995 is an Improper Authentication vulnerability (CWE-287) affecting Dell Storage Manager version 20.1.21 within Dell Storage Center. The issue resides in the DSM Data Collector component, specifically APIs exposed by ApiProxy.war in DataCollectorEar.ear. It allows authentication bypass through the use of a special SessionKey and UserId associated with special users created in compellentservicesapi for particular purposes. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high confidentiality, integrity, and availability impacts.

An unauthenticated attacker with remote network access can exploit this vulnerability by leveraging the special SessionKey and UserId to bypass authentication protections and gain unauthorized access to the exposed APIs. Successful exploitation leads to a protection mechanism bypass, potentially enabling full compromise of the affected system.

Dell's security advisory DSA-2025-393, detailed at https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities, provides information on the security update addressing this and related vulnerabilities in Dell Storage Manager.

EU & UK References

Vulnerability details

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker…

more

can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CVE-2025-43995 enables unauthenticated remote exploitation of exposed APIs via authentication bypass, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22266Same vendor: Dell
CVE-2026-27101Same vendor: Dell
CVE-2025-43728Same vendor: Dell
CVE-2024-49601Same vendor: Dell
CVE-2026-26944Same vendor: Dell
CVE-2025-26336Same vendor: Dell
CVE-2025-22475Same vendor: Dell
CVE-2026-22284Same vendor: Dell
CVE-2025-71279Shared CWE-287
CVE-2024-13804Shared CWE-287

Affected Assets

dell
storage manager
2020 · ≤ 2020

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification, reporting, and correction of the improper authentication flaw in Dell Storage Manager as described in CVE-2025-43995 and the vendor advisory.

prevent

Ensures proper management of authenticators such as the special SessionKey exploited by unauthenticated attackers to bypass authentication in the DSM Data Collector APIs.

prevent

Mandates management of special UserId accounts created in compellentservicesapi, including monitoring, restriction, and disablement to prevent their exploitation for authentication bypass.

References