
CVE-2025-46363: CWE-23: Relative Path Traversal in Dell Secure Connect Gateway SCG 5.0 Application and Appliance

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-46363, cve, cve-2025-46363, cwe-23
Published: Thu Oct 30 2025 (10/30/2025, 15:22:43 UTC)
Source: CVE Database V5
Vendor/Project: Dell
Product: Secure Connect Gateway SCG 5.0 Application and Appliance

Description

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance versions 5.26.00.00 through 5.30.00.00 contain a Relative Path Traversal vulnerability in an internal collection download REST API that SCG exposes (if this REST API is enabled by an Admin user from the UI). A low-privileged attacker with remote access could potentially exploit this vulnerability to traverse relative paths to restricted resources.

AI-Powered Analysis

Last updated: 10/30/2025, 15:56:17 UTC

Technical Analysis

CVE-2025-46363 is a relative path traversal vulnerability classified under CWE-23, discovered in Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance versions 5.26.00.00 through 5.30.00.00. The vulnerability exists in an internal REST API designed for collection downloads, which an administrator can enable via the SCG user interface. When enabled, this API improperly validates user-supplied input paths, allowing a low-privileged remote attacker to manipulate the file path parameter to traverse directories and access restricted files outside the intended directory scope. This can lead to unauthorized disclosure of sensitive files on the appliance or application server.

Exploitation requires remote access to the SCG appliance network interface, and the REST API must have been enabled by an admin; beyond the low privileges noted above, no further authentication or user interaction is required. The CVSS v3.1 base score is 4.3 (medium severity), reflecting a network attack vector, low attack complexity, low privileges required, no user interaction, and limited confidentiality impact with no effect on integrity or availability. No public exploits or active exploitation have been reported to date. Dell has not yet published patches, but administrators are advised to monitor for updates and consider disabling the vulnerable API if it is not in use. This vulnerability highlights the risk of insufficient input validation in internal management APIs of security appliances, which can lead to sensitive data exposure.

Potential Impact

For European organizations, the primary impact of CVE-2025-46363 is unauthorized disclosure of sensitive information stored on Dell SCG appliances due to relative path traversal. This can compromise confidentiality of internal configurations, logs, or other sensitive files, potentially aiding further attacks or data leakage. Since the vulnerability does not affect integrity or availability, direct disruption or data manipulation is unlikely. However, exposure of sensitive files could lead to compliance violations under GDPR if personal or sensitive data is disclosed. Organizations relying on Dell SCG for secure remote connectivity or network segmentation may face increased risk of lateral movement or reconnaissance by attackers exploiting this flaw. The requirement for the REST API to be enabled and remote access to the appliance somewhat limits the attack surface, but insider threats or attackers who have gained initial footholds could leverage this vulnerability. The absence of known exploits reduces immediate risk, but the medium severity score and potential for sensitive data exposure warrant proactive mitigation.

Mitigation Recommendations

1. Immediately verify if the internal collection download REST API is enabled on Dell SCG appliances; if not required, disable it to eliminate the attack vector.
2. Restrict network access to the SCG management interfaces and REST APIs using firewall rules and network segmentation to limit exposure to trusted administrators only.
3. Monitor Dell’s security advisories closely for official patches or firmware updates addressing CVE-2025-46363 and apply them promptly once released.
4. Conduct internal audits of SCG appliance configurations and logs to detect any suspicious access patterns or attempts to exploit path traversal.
5. Implement strict access controls and multi-factor authentication for administrative users to reduce risk of unauthorized enabling of vulnerable APIs.
6. Employ file integrity monitoring on SCG appliances to detect unauthorized file access or changes.
7. Educate IT security teams about this vulnerability and ensure incident response plans include steps for potential exploitation scenarios.
8. Consider deploying network intrusion detection systems (NIDS) with signatures or heuristics for path traversal attempts targeting SCG appliances.
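
For the log audit in recommendation 4 and the traversal heuristics in recommendation 8, the sketch below flags requests to the download API whose target contains a `..` path segment, including percent-encoded, double-encoded and backslash forms. It is an added example, not Dell's code or part of the source advisory. The combined-log-style line format, the `/example/collection/download` path and the sample lines are assumptions constructed for illustration, since the page gives neither the SCG log format nor the API route.

```python
import re
from urllib.parse import unquote

# Placeholder route: the real SCG API path is not given on this page.
API_PREFIX = "/example/collection/download"
# Assumed format: client ident user [time] "METHOD target PROTO" status
REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so %252e%252e also collapses to '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if any path or query component is exactly a '..' segment."""
    decoded = fully_decode(target).replace("\\", "/")
    return any(part == ".." for part in re.split(r"[/?&=;]", decoded))

def audit(lines):
    """Return (client, user, status, target) for suspicious API requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in production
        client, user, _method, target, status = m.groups()
        if fully_decode(target).startswith(API_PREFIX) and has_traversal(target):
            hits.append((client, user, int(status), target))
    return hits

# Constructed sample lines (documentation IP ranges), not real SCG logs.
SAMPLE = [
    '198.51.100.7 - svc_ro [30/Oct/2025:15:41:02 +0000] "GET /example/collection/download?file=col_0001.zip HTTP/1.1" 200',
    '198.51.100.7 - svc_ro [30/Oct/2025:15:41:09 +0000] "GET /example/collection/download?file=..%2f..%2fconf%2fapp.properties HTTP/1.1" 200',
    '203.0.113.20 - viewer [30/Oct/2025:15:42:30 +0000] "GET /example/collection/download?file=%252e%252e%255ckeys HTTP/1.1" 403',
    '203.0.113.20 - viewer [30/Oct/2025:15:43:00 +0000] "GET /example/collection/download?file=report..v2.zip HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, user, status, target in audit(SAMPLE):
        priority = "HIGH (served)" if status == 200 else "low (rejected)"
        print(f"{priority}: {user}@{client} -> {target}")
```

Hits answered with status 200 deserve review first, because they indicate the request was served rather than rejected.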


Technical Details

Data Version: 5.2
Assigner Short Name: dell
Date Reserved: 2025-04-23T05:03:43.135Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 69038700aebfcd5474799447

Added to database: 10/30/2025, 3:40:48 PM

Last enriched: 10/30/2025, 3:56:17 PM

Last updated: 10/30/2025, 6:34:03 PM
