CVE-2025-22477

8.3 HIGH

📋 TL;DR

Dell Storage Manager version 20.1.20 contains an improper authentication vulnerability. An attacker with adjacent network access to the Storage Manager interface, and no valid credentials, can bypass authentication and obtain elevated privileges. Organizations running Dell Storage Center with this Storage Manager version are affected; the attacker must be on a network segment that can reach the management interface, but needs nothing else.

💻 Affected Systems

Products:
  • Dell Storage Center - Dell Storage Manager
Versions: 20.1.20
Operating Systems: Not specified in advisory
Default Config Vulnerable: ⚠️ Yes
Notes: Requires adjacent network access to the storage management interface.

📦 What is this software?

Dell Storage Manager (DSM) is Dell's management application for Storage Center (SC Series) arrays. Its Data Collector service gathers data from and pushes configuration to the managed arrays, and administrators reach it through the Storage Manager web interface or client. A Data Collector that is reachable from user or server networks is the exposure this advisory is about.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Dell Storage Manager with administrative access, allowing data manipulation, configuration changes, or storage system disruption.

🟠 Likely Case

Unauthorized access to storage management functions, potentially leading to data exposure or service disruption.

🟢 If Mitigated

Limited impact if network segmentation isolates storage management interfaces from untrusted networks.

🌐 Internet-Facing: LOW (requires adjacent network access, not direct internet exposure)
🏢 Internal Only: HIGH (exploitable from internal networks where storage management interfaces are accessible)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No credentials are required, but the attacker must already be on a network adjacent to the Storage Manager interface. No public exploit details have been disclosed; the LOW complexity rating reflects the CVSS assessment, not a known public technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to version specified in DSA-2025-191

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities

Restart Required: Yes

Instructions:

1. Review Dell Security Advisory DSA-2025-191.
2. Download and apply the recommended update from Dell Support.
3. Restart affected Storage Manager services.
4. Verify the installed version matches the remediated release named in the advisory.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate Dell Storage Manager interfaces on a dedicated, trusted management network; no user, server or guest VLAN should be able to reach the Data Collector.

Access Control Lists (all platforms)

Implement network ACLs (firewall or switch) that restrict access to the Storage Manager Data Collector ports to the source addresses of known management workstations, and log denied connections.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate storage management interfaces
  • Monitor network traffic to/from Storage Manager for unauthorized access attempts
  • Treat any successful login or administrative action originating outside the management network as an incident, since the bypass requires no credentials

🔍 How to Verify

Check if Vulnerable:

Check the Dell Storage Manager (Data Collector) version via the web interface or CLI; version 20.1.20 is vulnerable.

Check Version:

The installed Data Collector version is displayed in the Storage Manager web interface; for command-line checks, consult Dell's documentation for your release.

Verify Fix Applied:

Verify the installed version is the remediated release named in DSA-2025-191. A version that is merely different from 20.1.20 is not by itself proof that the fix is applied.

📡 Detection & Monitoring

Log Indicators:

  • Access to Storage Manager from sources that have never authenticated
  • Administrative sessions or actions with no corresponding successful login event (the signature of an authentication bypass)
  • Unusual administrative actions, such as user creation or permission changes outside change windows

Network Indicators:

  • Connections to Storage Manager Data Collector ports from hosts that are not management workstations (3033/TCP is the default web server port; confirm the ports configured in your deployment)
  • Traffic from unexpected network segments

SIEM Query:

source_ip NOT IN trusted_networks AND dest_port=3033 AND auth_result=success

Because the flaw bypasses authentication, a bypass may never produce an auth_result=success record. Pair the query above with one for administrative actions that lack a preceding successful login from the same source, for example:

event_type=admin_action AND NOT EXISTS(auth_result=success WHERE source_ip=event.source_ip AND time < event.time)
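The detection logic above, applied to log lines offline, as an added example for this page (not Dell code). It assumes a constructed key=value log format, constructed trusted management ranges (10.10.50.0/24 and 192.168.100.0/24), the default 3033/TCP Data Collector port cited on this page, and a constructed action vocabulary (connect, auth_success, admin_action); map these onto whatever your firewall and Storage Manager logs actually emit. Rule 1 catches segmentation/ACL violations; rule 2 catches the authentication-bypass signature, an administrative action from a source with no earlier successful login.

```python
"""Triage Dell Storage Manager access events for CVE-2025-22477-style bypass.

Added example for this advisory page, not Dell code.  Log format, field
names, network ranges and sample lines are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

# Assumption: only these ranges should ever reach the Storage Manager.
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.10.50.0/24", "192.168.100.0/24")]
# Default Data Collector web server port as cited on this page; confirm locally.
DSM_PORTS = {3033}
# Actions that only an authenticated administrator should be able to perform.
ADMIN_ACTIONS = {"admin_action"}


@dataclass
class Event:
    ts: str
    src: str
    dst: str
    dport: int
    action: str
    user: str = "-"
    extra: dict = field(default_factory=dict)


def parse_line(line: str) -> Event:
    """Parse one constructed 'key=value key=value ...' log line."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    known = {"ts", "src", "dst", "dport", "action", "user"}
    return Event(
        ts=kv["ts"], src=kv["src"], dst=kv["dst"], dport=int(kv["dport"]),
        action=kv["action"], user=kv.get("user", "-"),
        extra={k: v for k, v in kv.items() if k not in known},
    )


def is_trusted(ip: str) -> bool:
    """True if the source address belongs to a trusted management range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(lines):
    """Return findings for Storage Manager traffic the mitigations forbid.

    Rule 1 (untrusted_source): any event on a DSM port from outside
        TRUSTED_NETWORKS; HIGH if it got past the login step.
    Rule 2 (unauthenticated_admin_action): an administrative action from a
        source that produced no auth_success earlier in the log.
    """
    authenticated_sources = set()
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev.dport not in DSM_PORTS:
            continue  # not Storage Manager traffic
        if not is_trusted(ev.src):
            sev = "HIGH" if ev.action in {"auth_success"} | ADMIN_ACTIONS else "MEDIUM"
            findings.append({"rule": "untrusted_source", "severity": sev, "ts": ev.ts,
                             "src": ev.src, "action": ev.action, "user": ev.user})
        if ev.action == "auth_success":
            authenticated_sources.add(ev.src)
        elif ev.action in ADMIN_ACTIONS and ev.src not in authenticated_sources:
            findings.append({"rule": "unauthenticated_admin_action", "severity": "HIGH",
                             "ts": ev.ts, "src": ev.src, "action": ev.action,
                             "user": ev.user, "detail": ev.extra.get("detail", "-")})
    return findings


# Constructed sample: a legitimate admin session from the management VLAN,
# then an admin action from a server VLAN host that never logged in.
SAMPLE_LOG = """\
ts=2025-07-01T09:00:01Z src=10.10.50.12 dst=10.10.50.5 dport=3033 action=connect
ts=2025-07-01T09:00:02Z src=10.10.50.12 dst=10.10.50.5 dport=3033 action=auth_success user=storadmin
ts=2025-07-01T09:00:10Z src=10.10.50.12 dst=10.10.50.5 dport=3033 action=admin_action user=storadmin detail=volume_map
ts=2025-07-01T09:05:00Z src=10.20.7.44 dst=10.10.50.5 dport=3033 action=connect
ts=2025-07-01T09:05:03Z src=10.20.7.44 dst=10.10.50.5 dport=3033 action=admin_action user=Admin detail=user_create
ts=2025-07-01T09:06:00Z src=10.20.7.44 dst=10.10.50.5 dport=443 action=connect
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Run against the sample, the script reports the 10.20.7.44 connection as a segmentation violation and its user_create action twice: once as an untrusted source and once as an administrative action with no prior login, which is the event to escalate. Only the second rule would fire if the attacker came from inside the management range, so keep both.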

🔗 References

  • Dell Security Advisory DSA-2025-191: https://www.dell.com/support/kbdoc/en-us/000317318/dsa-2025-191-security-update-for-storage-center-dell-storage-manager-vulnerabilities
  • NVD entry for CVE-2025-22477: https://nvd.nist.gov/vuln/detail/CVE-2025-22477