Executive Summary

Dell Secure Connect Gateway has released a critical security advisory (DSA-2025-104) addressing multiple vulnerabilities across various third-party components. These vulnerabilities could potentially be exploited by malicious actors to compromise affected systems. While these vulnerabilities are critical, there are currently no reports of them being actively exploited in the wild, which presents a window of opportunity for organizations to act proactively. This report aims to provide a detailed analysis of the vulnerabilities, potential impacts, and best practices for mitigation.

Technical Information

Dell Secure Connect Gateway has identified vulnerabilities in several third-party components including Commons-net (CVE-2021-37533), Glibc (CVE-2025-0395), Grub2 (CVE-2025-0622, CVE-2025-0689), Kernel (CVE-2021-47163, CVE-2024-11187), OpenSSL (CVE-2021-3712, CVE-2022-0778), among others. These vulnerabilities vary in severity and could lead to information exposure, unauthorized access, and potential system compromise. The Commons-net vulnerability, for instance, could allow attackers to execute arbitrary code, while issues within Glibc might enable attackers to cause a denial of service. The OpenSSL vulnerabilities could potentially allow attackers to execute man-in-the-middle attacks or cause buffer overflows, leading to system instability or unauthorized data access. Each vulnerability should be reviewed thoroughly, and the necessary patches applied as per Dell’s guidance.

Exploitation in the Wild

Currently, there are no confirmed reports of these vulnerabilities being exploited in the wild. This status underscores the importance of rapid patching and system updates to prevent future exploitation. The presence of these vulnerabilities in widely used components means the potential for exploitation remains significant. Organizations should remain vigilant and monitor threat intelligence feeds for any emerging threats that leverage these vulnerabilities.

APT Groups using this vulnerability

No specific APT groups have been identified as actively exploiting these vulnerabilities at this time. However, the critical nature of these vulnerabilities makes them attractive targets for APT groups in the future. Organizations, especially those in sectors such as financial services, healthcare, and critical infrastructure, should be particularly cautious and proactive in applying the recommended updates.

Affected Product Versions

The vulnerabilities affect the following product versions: Dell Secure Connect Gateway - Appliance versions prior to 5.28.00.14. Dell strongly recommends updating to version 5.28.00.14 or later to secure systems against these vulnerabilities. Detailed update instructions and guidance are available on Dell’s official support page (https://www.dell.com/support/kbdoc/en-us/000291028/dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities).

Workaround and Mitigation

Dell has released updates to address these vulnerabilities. For affected versions of the Dell Secure Connect Gateway, it is recommended to update to version 5.28.00.14 or later. Additionally, organizations should ensure that their systems are configured to automatically receive and apply security updates, thus minimizing the window of exposure to potential threats. Regular vulnerability assessments and penetration testing should be integral parts of an organization’s cybersecurity strategy to identify and mitigate risks proactively.

References

1. Dell Secure Connect Gateway Security Update: https://www.dell.com/support/kbdoc/en-us/000291028/dell-secure-connect-gateway-security-update-for-multiple-third-party-component-vulnerabilities
2. National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/search

Rescana is here for you

At Rescana, we understand the complexities and challenges that come with managing third-party risks in an ever-evolving threat landscape. Our TPRM (Third Party Risk Management) platform is designed to help organizations identify, assess, and mitigate risks associated with third-party relationships. By providing comprehensive insights and actionable intelligence, we empower our clients to make informed decisions that strengthen their cybersecurity posture. For any questions regarding this report or any other cybersecurity concerns, please contact us at ops@rescana.com. We are here to support you in navigating these challenges effectively.