Missing Authentication Vulnerability in Dell Storage Manager Product
CVE-2025-43994

8.6HIGH

Key Information:

Vendor: Dell
Status: Dell Storage Manager
Vendor: CVE Published:; 24 October 2025

What is CVE-2025-43994?

The Dell Storage Manager, specifically version DSM 20.1.21, is affected by a vulnerability that enables an unauthenticated remote attacker to potentially exploit the missing authentication feature. This could result in unauthorized access to critical functions within the product, leading to potential information disclosure. Organizations using this version are urged to review their security measures to safeguard sensitive data and mitigate risks associated with unauthorized access.

Affected Version(s)

Dell Storage Manager < 2020 R1.21

References

https://www.dell.com/support/kbdoc/en-us/000382899/dsa-20...

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 24, 2025
Vulnerability Reserved
Apr 21, 2025

Credit

Dell would like to thank Tenable for reporting the issue.

JSON