Researchers link the flaws to weak authentication that could let attackers bypass security controls.
Dell Technologies has issued an urgent warning about three vulnerabilities, one of them critical, in its Storage Manager software. Two of the flaws could allow remote attackers to bypass authentication and gain unauthorized access to the systems and data the software manages.
Dell Storage Manager is a centralized software platform used to manage Dell storage systems, including configuration, monitoring, and performance optimization. It provides administrators with tools to monitor storage arrays, automate tasks, and ensure efficient data handling across enterprise environments.
The three vulnerabilities (tracked as CVE-2025-43995, CVE-2025-43994, and CVE-2025-46425) carry CVSS base scores of 9.8 (critical), 8.6 (high), and 6.5 (medium), respectively. They affect Dell Storage Manager versions released before 20.1.21.
The most severe flaw, CVE-2025-43995, is an improper authentication issue (CWE-287) in the DSM Data Collector component of Dell Storage Manager. A remote attacker can bypass authentication by supplying crafted session keys and user IDs, obtaining access without valid credentials. The second, CVE-2025-43994, stems from missing authentication for a critical function (CWE-306): operations that should require a logged-in user can be reached without one, potentially exposing sensitive operations and confidential information.
Additionally, CVE-2025-46425 is a medium-rated improper restriction of XML external entity reference (XXE, CWE-611) vulnerability, which affects DSM version 20.1.20. A low-privileged attacker who can submit XML to the affected component could exploit it to read data they are not authorized to see.
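For readers unfamiliar with the vulnerability class named above, the following is an added, generic illustration of XXE hardening. It is not Dell's code and says nothing about how Dell Storage Manager parses XML; the request format, the `file:///etc/passwd` probe and the volume element are constructed for the example. The idea is the one defusedxml uses: pre-scan the document with expat and refuse it as soon as a DOCTYPE or entity declaration appears, because that is the only place an external entity (or an entity-expansion bomb) can be declared, so the rejection holds no matter how the downstream parser happens to be configured.

```python
"""Constructed example: refuse XML carrying a DOCTYPE or entity declaration
before it reaches the real parser (defusedxml-style XXE hardening)."""
import xml.etree.ElementTree as ET
from xml.parsers.expat import ExpatError, ParserCreate


class UnsafeXML(ValueError):
    """Raised when a document declares a DOCTYPE or an entity."""


def reject_dtd(data: bytes) -> None:
    """Pre-scan with expat; abort on the first DOCTYPE or ENTITY declaration.

    Exceptions raised inside expat handlers propagate out of Parse(), so the
    scan stops at the declaration itself and never reaches any &entity; use.
    """
    parser = ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(
            f"DOCTYPE declaration not allowed (root {name!r}, system id {sysid!r})"
        )

    def on_entity(entity_name, *_):
        raise UnsafeXML(f"entity declaration not allowed: {entity_name!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except ExpatError as exc:
        # Malformed input is rejected too; never fall back to a lenient parser.
        raise UnsafeXML(f"malformed XML: {exc}") from exc


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse a document from an untrusted client only after the pre-scan passes."""
    reject_dtd(data)
    return ET.fromstring(data)


# Constructed inputs: a benign management request and a classic XXE probe.
BENIGN = b'<request><volume name="vol01"/></request>'
XXE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE request [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<request><volume name="&xxe;"/></request>'
)


def classify(data: bytes) -> str:
    """Return 'ok' when the document is accepted, otherwise the rejection reason."""
    try:
        parse_untrusted(data)
        return "ok"
    except UnsafeXML as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("xxe", XXE)):
        print(f"{label}: {classify(doc)}")
```

The pre-scan is deliberately independent of the parser's own entity settings: whether a given library fetches `SYSTEM` entities by default varies between versions and configurations, and refusing the DTD outright removes that dependency. In a product that legitimately needs DTDs, the equivalent control is to disable external entity resolution and external DTD loading in the parser and to limit entity expansion, which is the fix XXE advisories generally describe.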
“Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability,” Dell explained.
The fix is to upgrade Dell Storage Manager to a patched release as soon as possible (this article cites version 2020 R1.22 or later; the affected range given above ends at 20.1.21). Until the upgrade is in place, and as defense in depth afterward, restrict the management interfaces and the Data Collector to trusted administrative networks: CVE-2025-43995 and CVE-2025-43994 are reachable by remote attackers, and an authentication bypass that forges the session itself sidesteps the login step that multi-factor authentication protects, so network restriction, not MFA, is the effective interim control. Enforce MFA where the product supports it anyway, apply the principle of least privilege to DSM user accounts, monitor application and system logs for unexpected sessions and authentication events, and run regular vulnerability assessments to confirm that the upgraded version is actually in service.
Beyond patching, organizations benefit from a standing data risk management program that identifies and classifies the sensitive information a storage platform holds, so that the exposure from a management-plane compromise can be assessed quickly and remediation prioritized. Such a program also supports timely patching of future vulnerabilities and aligns with broader data governance and compliance goals.