Dell Alerts Users to Secure Connect Gateway Vulnerabilities

Dell Technologies has released a critical security advisory (DSA-2025-104) addressing over 200 vulnerabilities in its Secure Connect Gateway (SCG) appliance and virtual edition, including high-risk flaws in third-party components and proprietary code.

The update, released on March 19, 2025, impacts SCG versions before 5.28.00.14 and includes fixes for CVSS-rated vulnerabilities that could lead to remote code execution, privilege escalation, and data exfiltration.

Third-Party Component Vulnerabilities

The update resolves critical flaws in widely used libraries and frameworks, including:

• GRUB2: 11 CVEs (e.g., CVE-2025-0622, CVE-2025-1125) affecting bootloader security.
• Linux Kernel: 82 CVEs spanning memory corruption, privilege escalation, and denial-of-service risks (e.g., CVE-2024-46724, CVE-2024-56593).
• OpenSSL: 8 CVEs, including CVE-2023-0286 (X.509 certificate validation bypass) and CVE-2024-5535 (DHCP client stack overflow).
• Spring Framework: Authorization bypass (CVE-2024-38820) and improper request handling (CVE-2024-22262).

These vulnerabilities could allow attackers to compromise SCG’s secure remote services (SRS) infrastructure, which manages telemetry data and automated support workflows for enterprise environments.

Proprietary Code Risks

Two high-priority SCG-specific vulnerabilities were patched:

1. CVE-2025-23382: Exposure of sensitive system information via misconfigured access controls (CVSS 4.7).
2. CVE-2025-26475: Improper validation of Docker’s Live-Restore setting, enabling container persistence during daemon restarts (CVSS 5.5).

The Live-Restore flaw, while not directly exploitable for code execution, could allow attackers to maintain footholds in containerized environments during maintenance windows.

Risk Factor Analysis

The table below summarizes critical vulnerabilities addressed in this update:

Remediation and Recommendations

Dell mandates immediate updates to SCG 5.28.00.14 or later for all affected systems1.

Key steps include:

1. Patch Deployment: Apply updates via Dell’s support portal.
2. Access Controls: Restrict administrative privileges to mitigate local exploitation vectors.
3. Network Segmentation: Isolate SCG appliances from non-critical infrastructure to limit lateral movement.

Administrators should also audit container configurations and disable Live-Restore unless explicitly required for operational continuity.

Contextualizing SCG’s Security Posture

This update follows a series of SCG-related advisories in 2024, including SQL injection (CVE-2024-51539) and cryptographic weaknesses (CVE-2024-48016).

The 2025 patches reflect Dell’s expanded focus on supply-chain security, with 73% of addressed CVEs originating from third-party dependencies.

SCG’s role in centralized device management amplifies risks, as compromised instances could expose telemetry data from connected storage, servers, and hyper-converged systems.

CISA has yet to flag these vulnerabilities for active exploitation, but historical attacks on similar enterprise gateways (e.g., 2024’s ETIC Telecom RAS breaches) underscore the urgency.

Dell’s March 2025 security update represents a critical inflection point for SCG administrators, addressing vulnerabilities that span firmware to application layers.

With CVSS scores reaching 9.8 and systemic risks to connected infrastructure, prioritized patching is non-negotiable for maintaining secure hybrid IT environments.

Also Read: