Critical Dell Storage Manager flaws could let hackers access sensitive data - patch now
Briefly

"The three flaws, tracked as CVE-2025-43995, CVE-2025-43994, and CVE-2025-46425, command CVSS scores of 9.8, 8.6, and 6.5, respectively. All versions of Dell Storage Manager prior to version 20.1.21 are affected by the vulnerabilities, and the company has urged customers to immediately follow remediation steps to avoid potential compromise. Remediation is available for versions 2020 R1.22 and later, according to the advisory."
"Ranked as a critical vulnerability, CVE-2025-43995 is an improper authentication flaw in the DSM Data Collector feature for Dell Storage Manager. In a customer advisory, the company said this could enable an unauthenticated attacker with remote access to bypass protection mechanisms and exploit exposed APIs. 'An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId,' the company said."
Three vulnerabilities in Dell Storage Manager were identified: CVE-2025-43995 (CVSS 9.8), CVE-2025-43994 (CVSS 8.6), and CVE-2025-46425 (CVSS 6.5). All versions prior to 20.1.21 are affected. Remediation is available for versions 2020 R1.22 and later. CVE-2025-43995 is an improper authentication flaw in the DSM Data Collector that can enable unauthenticated attackers to bypass protections and exploit exposed APIs. CVE-2025-43994 is a missing authentication for a critical function that could lead to configuration data disclosure and further intrusions. CVE-2025-46425 involves an XML external entity issue that could allow access to sensitive files. Immediate remediation is urged.
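As an added defender-side example (not from the IT Pro article or from Dell), the check below triages an inventory of Dell Storage Manager hosts against the affected-version boundary the summary states (everything prior to 20.1.21). It assumes hosts report dotted numeric versions such as "20.1.20"; the hostnames are constructed, and the "2020 R1.22" release naming the advisory uses for remediation is deliberately flagged as unknown rather than guessed at.

```python
import re

# From the advisory summary above: all DSM versions prior to 20.1.21 are affected.
FIXED_VERSION = (20, 1, 21)
CVES = ("CVE-2025-43995", "CVE-2025-43994", "CVE-2025-46425")

# Accept only a plain dotted numeric version (optional leading 'v'), e.g. '20.1.20'.
_VERSION_RE = re.compile(r"\s*v?(\d+(?:\.\d+){1,3})\s*", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Parse '20.1.20' or 'v20.1.21.5' into an int tuple padded to 3 components.

    Raises ValueError for any other naming scheme (e.g. '2020 R1.22'), so the
    caller must confirm such hosts manually instead of silently mis-scoring them.
    """
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected(version: str) -> bool:
    """True when the host runs a release older than the first fixed version."""
    return parse_version(version)[:3] < FIXED_VERSION


def triage(inventory: dict) -> dict:
    """Map each host to 'affected', 'fixed' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # confirm against the vendor advisory by hand
    return result


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "dsm-prod-01": "20.1.20",
    "dsm-prod-02": "20.1.21",
    "dsm-lab-01": "19.1.10",
    "dsm-legacy": "2020 R1.22",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        note = f" (patch for {', '.join(CVES)})" if status == "affected" else ""
        print(f"{host}: {status}{note}")
```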
Read at IT Pro