DSA-2025-104: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities
Résumé: Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
Impact
Critical
Détails
|
Third-Party Component |
CVEs | More information |
| Commons-net | CVE-2021-37533 | https://nvd.nist.gov/vuln/search |
| Glibc | CVE-2025-0395 | https://nvd.nist.gov/vuln/search |
| Grub2 | CVE-2025-0622, CVE-2025-0624, CVE-2025-0677, CVE-2025-0678, CVE-2025-0684, CVE-2025-0685, CVE-2025-0686, CVE-2025-0689, CVE-2025-0690, CVE-2025-1118, CVE-2025-1125 | https://nvd.nist.gov/vuln/search |
| HttpClient | CVE-2020-13956 | https://nvd.nist.gov/vuln/search |
| Kernel |
CVE-2021-47163, CVE-2021-47416, CVE-2021-47612, CVE-2022-48788, CVE-2022-48789, CVE-2022-48790, CVE-2022-48809, CVE-2022-48946, CVE-2022-48949, CVE-2022-48951, CVE-2022-48956, CVE-2022-48958, CVE-2022-48960, CVE-2022-48962, CVE-2022-48966, CVE-2022-48967, CVE-2022-48969, CVE-2022-48971, CVE-2022-48972, CVE-2022-48973, CVE-2024-11187, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12133, CVE-2024-12747, CVE-2024-13176, CVE-2024-26644, CVE-2024-26801, CVE-2024-26804, CVE-2024-26852, CVE-2024-26976, CVE-2024-27043, CVE-2024-35847, CVE-2024-36484, CVE-2024-36883, CVE-2024-38538, CVE-2024-38589, CVE-2024-39476, CVE-2024-40965, CVE-2024-41013, CVE-2024-41082, CVE-2024-42114, CVE-2024-42131, CVE-2024-42253, CVE-2024-43374, CVE-2024-44931, CVE-2024-44958, CVE-2024-45774, CVE-2024-45775, CVE-2024-45776, CVE-2024-45777, CVE-2024-45778, CVE-2024-45779, CVE-2024-45780, CVE-2024-45781, CVE-2024-45782, CVE-2024-45783, CVE-2024-46724, CVE-2024-46755, CVE-2024-46802, CVE-2024-46809, CVE-2024-46813, CVE-2024-46816, CVE-2024-46818, CVE-2024-46826, CVE-2024-46834, CVE-2024-46840, CVE-2024-46841, CVE-2024-46848, CVE-2024-47141, CVE-2024-47220, CVE-2024-47666, CVE-2024-47670, CVE-2024-47672, CVE-2024-47673, CVE-2024-47674, CVE-2024-47678, CVE-2024-47679, CVE-2024-47684, CVE-2024-47685, CVE-2024-47696, CVE-2024-47697, CVE-2024-47698, CVE-2024-47706, CVE-2024-47707, CVE-2024-47709, CVE-2024-47713, CVE-2024-47735, CVE-2024-47737, CVE-2024-47742, CVE-2024-47745, CVE-2024-47749, CVE-2024-47809, CVE-2024-47814, CVE-2024-48881, CVE-2024-49851, CVE-2024-49860, CVE-2024-49877, CVE-2024-49881, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49890, CVE-2024-49891, CVE-2024-49894, CVE-2024-49896, CVE-2024-49901, CVE-2024-49920, CVE-2024-49929, CVE-2024-49936, CVE-2024-49944, CVE-2024-49948, CVE-2024-49949, CVE-2024-49957, CVE-2024-49958, CVE-2024-49959, CVE-2024-49962, CVE-2024-49965, CVE-2024-49966, CVE-2024-49967, CVE-2024-49982, CVE-2024-49991, CVE-2024-49995, CVE-2024-49996, CVE-2024-50006, CVE-2024-50007, CVE-2024-50024, CVE-2024-50033, CVE-2024-50035, CVE-2024-50039, CVE-2024-50045, CVE-2024-50047, CVE-2024-50058, CVE-2024-50099, CVE-2024-50142, CVE-2024-50143, CVE-2024-50151, CVE-2024-50166, CVE-2024-50179, CVE-2024-50194, CVE-2024-50199, CVE-2024-50210, CVE-2024-50211, CVE-2024-50228, CVE-2024-50256, CVE-2024-50262, CVE-2024-50280, CVE-2024-50287, CVE-2024-50299, CVE-2024-52332, CVE-2024-52533, CVE-2024-53057, CVE-2024-53101, CVE-2024-53112, CVE-2024-53136, CVE-2024-53141, CVE-2024-53142, CVE-2024-53144, CVE-2024-53146, CVE-2024-53150, CVE-2024-53155, CVE-2024-53156, CVE-2024-53157, CVE-2024-53172, CVE-2024-53173, CVE-2024-53179, CVE-2024-53185, CVE-2024-53197, CVE-2024-53198, CVE-2024-53210, CVE-2024-53214, CVE-2024-53224, CVE-2024-53227, CVE-2024-53239, CVE-2024-53240, CVE-2024-55916, CVE-2024-56369, CVE-2024-56531, CVE-2024-56532, CVE-2024-56533, CVE-2024-56539, CVE-2024-56548, CVE-2024-56551, CVE-2024-56569, CVE-2024-56570, CVE-2024-56574, CVE-2024-56587, CVE-2024-56593, CVE-2024-56594, CVE-2024-56599, CVE-2024-5660, CVE-2024-56600, CVE-2024-56601, CVE-2024-56603, CVE-2024-56604, CVE-2024-56605, CVE-2024-56606, CVE-2024-56615, CVE-2024-56616,, CVE-2024-56623, CVE-2024-56630, CVE-2024-56631, CVE-2024-56637, CVE-2024-56641, CVE-2024-56642, CVE-2024-56643, CVE-2024-56650, CVE-2024-56661, CVE-2024-56662, CVE-2024-56664, CVE-2024-56681, CVE-2024-56700, CVE-2024-56704, CVE-2024-56722, CVE-2024-56724, CVE-2024-56737, CVE-2024-56739, CVE-2024-56747, CVE-2024-56748, CVE-2024-56756, CVE-2024-56759, CVE-2024-56763, CVE-2024-56769, CVE-2024-57791, CVE-2024-57849, CVE-2024-57884, CVE-2024-57887, CVE-2024-57888, CVE-2024-57890, CVE-2024-57892, CVE-2024-57893, CVE-2024-57896, CVE-2024-57899, CVE-2024-57903, CVE-2024-57922, CVE-2024-57929, CVE-2024-57931, CVE-2024-57932, CVE-2024-57938, CVE-2024-8805, CVE-2024-9681 CVE-2024-26886, CVE-2024-27051, CVE-2024-35937, CVE-2024-36886, CVE-2024-36905, CVE-2024-42098, CVE-2024-42229, CVE-2024-44995, CVE-2024-45016, CVE-2024-46771, CVE-2024-46777, CVE-2024-46800, CVE-2024-47660, CVE-2024-47701, CVE-2024-49858, CVE-2024-49868, CVE-2024-49921, CVE-2024-49925, CVE-2024-49938, CVE-2024-49945, CVE-2024-49950, CVE-2024-49952, CVE-2024-50044, CVE-2024-50055, CVE-2024-50073, CVE-2024-50074, CVE-2024-50095, CVE-2024-50115, CVE-2024-50117, CVE-2024-50125, CVE-2024-50135, CVE-2024-50148, CVE-2024-50150, CVE-2024-50154, CVE-2024-50167, CVE-2024-50171, CVE-2024-50183, CVE-2024-50187, CVE-2024-50195, CVE-2024-50218, CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50264, CVE-2024-50265, CVE-2024-50267, CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50289, CVE-2024-50290, CVE-2024-50296, CVE-2024-50301, CVE-2024-50302, CVE-2024-53058, CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53085, CVE-2024-53088, CVE-2024-53104, CVE-2024-53114 CVE-2025-21653, CVE-2025-21664, CVE-2025-21678, CVE-2025-21682 |
https://nvd.nist.gov/vuln/search |
|
Libcurl |
CVE-2023-38545, CVE-2025-0167, CVE-2025-0725 |
https://nvd.nist.gov/vuln/search |
| Logback-classic |
CVE-2024-12798 |
https://nvd.nist.gov/vuln/search |
| Logback-core |
CVE-2024-12798 |
https://nvd.nist.gov/vuln/search |
| Netty |
CVE-2024-29025, CVE-2024-47535, CVE-2025-24970 |
https://nvd.nist.gov/vuln/search |
| OpenSSH |
CVE-2025-26465 |
https://nvd.nist.gov/vuln/search |
| OpenSSL |
CVE-2021-3712, CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-4304, CVE-2023-0286, CVE-2023-0215, CVE-2024-5535 |
https://nvd.nist.gov/vuln/search |
| spring-context |
CVE-2024-38820 |
https://nvd.nist.gov/vuln/search |
| spring-core |
CVE-2024-38820 |
https://nvd.nist.gov/vuln/search |
| spring-security-web |
CVE-2024-38821 |
https://nvd.nist.gov/vuln/search |
| spring-web |
CVE-2024-22262 |
https://nvd.nist.gov/vuln/search |
| Spring-webmvc |
CVE-2024-38819, CVE-2024-38820 |
https://nvd.nist.gov/vuln/search |
| Tomcat-embed-core |
CVE-2024-50379, CVE-2024-56337 |
https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-23382 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. |
4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-26475 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2025-23382 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. |
4.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| CVE-2025-26475 | Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. | 5.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
Produits concernés et mesure corrective
| Product | Affected Versions | Updated Version | Link to Update |
| Dell Secure Connect Gateway - Appliance | Versions prior to 5.28.00.14 | Version 5.28.00.14 or later | https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell Secure Connect Gateway - Appliance | Versions prior to 5.28.00.14 | Version 5.28.00.14 or later | https://www.dell.com/support/product-details/product/secure-connect-gateway-ve/drivers |
Historique des révisions
| Revision | Date | Description |
| 1.0 | 2025-03-04 | Initial Release |
| 2.0 | 2025-03-04 | Corrected the CVE score URL |
| 3.0 | 2025-03-19 | Updated the CVE description for CVE-2025-26475 |
| 4.0 | 2025-03-19 | Updated for enhanced presentation with no changes to the content |