CVE-2025-46363

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dell Secure Connect Gateway versions 5.26.00.00 through 5.30.00.00

Description Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance versions 5.26.00.00 through 5.30.00.00 contain a Relative Path Traversal vulnerability. This issue affects the SCG exposed for an internal collection download REST API, if enabled by an administrator user through the user interface. A low-privileged attacker with remote access could potentially exploit this, allowing relative path traversal to restricted resources. The API endpoint involved is a REST API for internal collection download.

Recommendations Versions 5.26.00.00 through 5.30.00.00: Disable the internal collection download REST API if it is not required.

Fix

Path traversal

Relative Path Traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-23

Related Identifiers

CVE-2025-46363

Affected Products

Dell Secure Connect Gateway

CVE-2025-46363

Weakness Enumeration

Related Identifiers

Affected Products

References · 7