Attackers can bypass authentication in Dell Storage Manager
In a current version of Dell's Storage Manager, the developers have closed three security vulnerabilities.
Among other things, attackers can exploit a vulnerability in Dell Storage Manager to bypass security restrictions. A patched version is available for download.
Multiple Security Issues
According to a security advisory, one vulnerability (CVE-2025-43995) is rated “critical.” Remote attackers can exploit it without authentication. A successful attack allows unauthorized access. The developers are currently not detailing how such an attack could be carried out.
The second vulnerability (CVE-2025-43994, “high”) also involves errors during authentication, and attackers can access supposedly isolated information through an unspecified method. The third vulnerability (CVE-2025-46425, “medium”) again describes authentication problems.
So far, there are no reports of attackers exploiting the vulnerabilities. To protect systems from the described attacks, administrators must install Dell Storage Manager version 2020 R1.22. According to the developers, all previous versions are vulnerable.
Most recently, the developers closed security vulnerabilities in the backup solution PowerProtect Data Domain.
(des)