Dell Storage Flaw Lets Hackers Bypass APIs Remotely
Dell Technologies has disclosed a critical security vulnerability in its Storage Manager software, warning that the flaw lets attackers bypass authentication via exposed APIs. The flaw, tracked as CVE-2025-43995 and rated 9.8 on the CVSS scale, affects Storage Center and Dell Storage Manager (DSM) platforms. If exploited, it could let attackers remotely gain unauthorized access and potentially compromise sensitive infrastructure.
In addition to CVE-2025-43995, Dell identified nine other high-severity vulnerabilities impacting its storage systems. These include CVE-2025-43994, CVE-2025-46425, CVE-2025-58428, CVE-2025-11371, CVE-2025-54253, CVE-2024-10442, CVE-2024-10441, CVE-2025-27915 and CVE-2024-39584. Each poses distinct risks that could lead to unauthorized control or data exposure.
The flaw lets attackers exploit unauthenticated access points, raising serious concerns for enterprise users. Dell has urged immediate updates and mitigation steps to prevent potential breaches stemming from these vulnerabilities.
Read the full advisory here:
Critical Dell Storage Manager Flaw (CVE-2025-43995, CVSS 9.8) Allows Unauthenticated API Bypass
