DSA-2025-386: Security Update for Dell Secure Connect Gateway REST API
Сводка: Dell Secure Connect Gateway Application and Appliance remediation is available for security vulnerability that can be exploited by a malicious user with a valid session to allow relative path traversal to restricted resources. ...
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
Medium
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-46363 | Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Затронутые продукты и исправление
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
| Product | Affected Versions | Remediated Versions | Link |
| Secure Connect Gateway-Application | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-app-edition/drivers |
| Secure Connect Gateway-Appliance | Versions 5.26.00 through 5.30.00 | Version 5.32.00 or later | https://www.dell.com/support/home/product-support/product/secure-connect-gateway-ve/drivers |
История изменений
| Revision | Date | Description |
| 1.0 | 2025-10-29 | Initial Release |
Сведения об авторе и авторских правах
CVE-2025-46363: Dell would like to thank Ahmed Y. Elmogy for reporting this issue.
Связанная информация
Правовая оговорка
Затронутые продукты
Secure Connect Gateway, Secure Connect Gateway - Application Edition, Secure Connect Gateway - Virtual EditionСвойства статьи
Номер статьи: 000385239
Тип статьи: Dell Security Advisory
Последнее изменение: 29 Oct 2025
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.