Multiple Dell Secure Connect Gateway Flaws Allows System Compromise

Dell Technologies has issued a critical security advisory warning customers about multiple vulnerabilities in its Secure Connect Gateway (SCG) product that could potentially lead to system compromise.

The vulnerabilities affect versions prior to 5.28.00.14 and require immediate attention from system administrators.

According to Dell’s advisory, two newly identified vulnerabilities specific to Dell’s proprietary code include:

CVE-2025-23382: Sensitive Information Exposure

This vulnerability (CVSS 4.7) allows high-privileged attackers with remote access to expose sensitive system information through improper access controls in the SCG’s SRS component.

Specifically affecting versions prior to 5.28.00.14, it enables unauthorized parties to access:

System configuration details
Security parameters
Operational metadata

The attack surface is limited to authenticated users with elevated privileges, but successful exploitation could provide reconnaissance data for further attacks.

Risk Factors	Details
Affected Products	Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS(Versions prior to 5.28.00.14)
Impact	Sensitive system information
Exploit Prerequisites	High-privileged attacker Remote access to SCG
CVSS 3.1 Score	4.7

CVE-2025-26475: Live-Restore Configuration Vulnerability

Rated (CVSS 5.5), this flaw stems from improper validation of the container Live-Restore feature in SCG version 5.26. While designed to maintain container operations during daemon restarts, the implementation introduces:

Potential security control bypasses
Increased attack surface during maintenance windows
Risk of accidental misconfigurations

Attackers could exploit this through phishing or UI redressing attacks to manipulate container persistence settings, potentially bypassing security measures during system updates.

Risk Factors	Details
Affected Products	Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS(Versions prior to 5.28.00.14)
Impact	Security control bypass
Exploit Prerequisites	Low-privileged attacker, User interaction, Network access
CVSS 3.1 Score	5.5

Mitigations

These vulnerabilities represent significant security risks for organizations utilizing Dell Secure Connect Gateway in their infrastructure. It is strongly recommended for all customers to apply the available updates immediately.

Dell has released version 5.28.00.14 to address these vulnerabilities. Administrators are advised to:

Immediately update Dell Secure Connect Gateway Appliances to version 5.28.00.14 or later.
Download the update from: https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers.
Implement recommended security best practices, including network segmentation and the principle of least privilege.

For organizations unable to update immediately, Dell recommends monitoring systems for suspicious activity and implementing temporary mitigations where possible.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Kaaviya

Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.