DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API
Summary: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...
Αυτό το άρθρο ισχύει για
Αυτό το άρθρο δεν ισχύει για
Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν.
Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Επηρεαζόμενα προϊόντα και αποκατάσταση
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
Revision History
| Revision | Date | Description |
| 1.0 | 2025-10-29 | Initial Release |
Acknowledgements
CVE-2025-46363: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.
Related Information
Νομική αποποίηση ευθύνης
Επηρεαζόμενα προϊόντα
Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual EditionΙδιότητες άρθρου
Article Number: 000385239
Article Type: Dell Security Advisory
Τελευταία τροποποίηση: 29 Οκτ 2025
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.