Details of VAR-202510-2077

ID

VAR-202510-2077

CVE

CVE-2025-46363

TITLE

Dell's secure connect gateway Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2025-025105

DESCRIPTION

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user from UI). A low privileged attacker with remote access could potentially exploit this vulnerability, leading to allowing relative path traversal to restricted resources. However, the information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software. Dell Secure Connect Gateway is an enterprise-grade secure connectivity gateway device from Dell, primarily used to monitor hardware status, automatically create support requests, and ensure secure communication between devices and Dell backend services

Trust: 2.16

sources: NVD: CVE-2025-46363 // JVNDB: JVNDB-2025-025105 // CNVD: CNVD-2025-27580

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-27580

AFFECTED PRODUCTS

vendor:	dell	model:	secure connect gateway	scope:	lt	version:	5.32.00.00	Trust: 1.0
vendor:	dell	model:	secure connect gateway	scope:	gte	version:	5.26.00.00	Trust: 1.0
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	5.26.00.00 that's all 5.32.00.00	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	secure connect gateway	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	secure connect gateway	scope:	gte	version:	5.26.00.00,<=5.30.00.00	Trust: 0.6

sources: CNVD: CNVD-2025-27580 // JVNDB: JVNDB-2025-025105 // NVD: CVE-2025-46363

CVSS

SEVERITY

CVSSV2

CVSSV3

security_alert@emc.com:	CVE-2025-46363
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2025-025105
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-27580
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-27580
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2025-46363
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-025105
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-27580 // JVNDB: JVNDB-2025-025105 // NVD: CVE-2025-46363

PROBLEMTYPE DATA

problemtype:	CWE-23	Trust: 1.0
problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8
problemtype:	Relative past traversal (CWE-23) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-025105 // NVD: CVE-2025-46363

PATCH

title:	DSA-2025-386	url:	https://www.dell.com/support/kbdoc/en-us/000385239/dsa-2025-386-security-update-for-dell-secure-connect-gateway-rest-api	Trust: 0.8
title:	Patch for Dell Secure Connect Gateway relative path traversal vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/752011	Trust: 0.6

sources: CNVD: CNVD-2025-27580 // JVNDB: JVNDB-2025-025105

EXTERNAL IDS

db:	NVD	id:	CVE-2025-46363	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-025105	Trust: 0.8
db:	CNVD	id:	CNVD-2025-27580	Trust: 0.6

sources: CNVD: CNVD-2025-27580 // JVNDB: JVNDB-2025-025105 // NVD: CVE-2025-46363

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2025-46363	Trust: 1.4
url:	https://www.dell.com/support/kbdoc/en-us/000385239/dsa-2025-386-security-update-for-dell-secure-connect-gateway-rest-api	Trust: 1.0

sources: CNVD: CNVD-2025-27580 // JVNDB: JVNDB-2025-025105 // NVD: CVE-2025-46363

SOURCES

db:	CNVD	id:	CNVD-2025-27580
db:	JVNDB	id:	JVNDB-2025-025105
db:	NVD	id:	CVE-2025-46363

LAST UPDATE DATE

2026-01-24T23:46:35.639000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-27580	date:	2025-11-11T00:00:00
db:	JVNDB	id:	JVNDB-2025-025105	date:	2026-01-23T05:19:00
db:	NVD	id:	CVE-2025-46363	date:	2026-01-21T20:20:13.310

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-27580	date:	2025-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2025-025105	date:	2026-01-23T00:00:00
db:	NVD	id:	CVE-2025-46363	date:	2025-10-30T16:15:35.580