Dell Secure Connect Gateway: Security gaps jeopardize remote IT support
Several components of Dell Secure Connect Gateway have vulnerabilities and can serve as a starting point for attackers.
(Image: AFANASEV IVAN/Shutterstock.com)
Dell's connection gateway Secure Connect Gateway for IT support over the Internet, among other things, is vulnerable. The vulnerabilities endanger corporate networks. Admins should install the patched version as soon as possible.
Various security problems
The developers list the vulnerable components in a warning message. In Spring Security, for example, password errors occur in the context of BCrypt and actually incorrect passwords are falsely waved through as valid under certain conditions (CVE-2025-22228 “high”). A Tomcat vulnerability (CVE-2025-24813) is considered “critical”. This can lead to the execution of malicious code.
Videos by heise
A vulnerability (CVE-2025-26465) in OpenSSH is classified as “medium” threat level. At this point, attackers can hack into connections. The developers assure that they have closed the security gaps in Secure Connect Gateway 5.30.0.14. All previous versions are vulnerable. There are currently no reports of ongoing attacks. However, this can change quickly, and therefore admins should not delay too long with patching.
(des)
