Dell Technologies has issued a critical security advisory warning customers about multiple vulnerabilities in its Secure Connect Gateway (SCG) product that could potentially lead to system compromise.
The vulnerabilities affect versions prior to 5.28.00.14 and require immediate attention from system administrators
CVE-2025-23382: Sensitive Information Exposure
This vulnerability (CVSS 4.7) allows high-privileged attackers with remote access to expose sensitive system information through improper access controls in the SCG’s SRS component.
Specifically affecting versions prior to 5.28.00.14, it enables unauthorized parties to access:
System configuration details
Security parameters
Operational metadata
The attack surface is limited to authenticated users with elevated privileges, but successful exploitation could provide reconnaissance data for further attacks.
Risk Factors Details
Affected Products Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS(Versions prior to 5.28.00.14)
Impact Sensitive system information
Exploit Prerequisites High-privileged attacker Remote access to SCG
CVSS 3.1 Score 4.7
CVE-2025-26475: Live-Restore Configuration Vulnerability
Rated (CVSS 5.5), this flaw stems from improper validation of the container Live-Restore feature in SCG version 5.26. While designed to maintain container operations during daemon restarts, the implementation introduces:
Potential security control bypasses
Increased attack surface during maintenance windows
Risk of accidental misconfigurations
Attackers could exploit this through phishing or UI redressing attacks to manipulate container persistence settings, potentially bypassing security measures during system updates.
Risk Factors Details
Affected Products Dell Secure Connect Gateway (SCG) 5.0 Appliance – SRS(Versions prior to 5.28.00.14)
Impact Security control bypass
Exploit Prerequisites Low-privileged attacker, User interaction, Network access
CVSS 3.1 Score 5.5
Mitigations Steps and Recommendation >>>
These vulnerabilities represent significant security risks for organizations utilizing Dell Secure Connect Gateway in their infrastructure. It is strongly recommended for all customers to apply the available updates immediately.
Dell has released version 5.28.00.14 to address these vulnerabilities. Administrators are advised to:
Immediately update Dell Secure Connect Gateway Appliances to version 5.28.00.14 or later.
Download the update from: https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers.
Implement recommended security best practices, including network segmentation and the principle of least privilege.
For organizations unable to update immediately, Dell recommends monitoring systems for suspicious activity and implementing temporary mitigations where possible.