Skip to main content

Secure Connect Gateway CVE-2025-26475

MEDIUM
Improper Authentication (CWE-287)
2025-03-19 security_alert@emc.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:32 vuln.today
Patch released
Mar 28, 2026 - 18:32 nvd
Patch available
CVE Published
Mar 19, 2025 - 16:15 nvd
MEDIUM 5.5

DescriptionCVE.org

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active.

AnalysisAI

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack exposure, preventing accidental misconfigurations, and ensuring security controls remain active. Affected products include: Dell Secure Connect Gateway.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2024-48016 HIGH
8.8 Oct 18

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains a Use of a Broken or Risky Cryptographi

CVE-2024-29168 HIGH
8.8 Jun 13

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST

CVE-2024-22457 HIGH
8.8 Mar 01

Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. Ra

CVE-2024-47241 HIGH
8.1 Oct 18

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vuln

CVE-2024-29169 HIGH
8.1 Jun 13

Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST A

CVE-2023-28043 MEDIUM
6.5 Jun 01

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. Rated medium severity

CVE-2025-46696 MEDIUM
6.4 Jan 06

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Executi

CVE-2024-47240 MEDIUM
6.3 Oct 18

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. Rated medium severity (C

CVE-2023-23695 MEDIUM
5.9 Feb 17

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. Rated medi

CVE-2025-23382 MEDIUM
5.5 Mar 19

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Infor

CVE-2021-36340 MEDIUM
5.5 Nov 20

Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. Rated medium severity (CV

CVE-2024-28968 MEDIUM
5.4 Jun 13

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal

Share

CVE-2025-26475 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy