CVE-2025-43995 · CRITICAL 9.8 · EPSS p52.6%

Description

Dell Storage Center - Dell Storage Manager, version 20.1.21, contains an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass. The issue is an authentication bypass in the DSM Data Collector: an unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These UserId values belong to special users created in compellentservicesapi for special purposes.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.82% probability of exploitation · percentile 52.6% · 2026-06-18T12:00:27Z
Published: 2025-10-24
Last modified: 2025-11-04

Underlying weaknesses · 1

CWE-287

References

  1. https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-22477
CVE: CVE-2026-22266
CVE: CVE-2025-36594
CVE: CVE-2025-22476
CVE: CVE-2025-22478
CVE: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.