Dell Technologies has issued multiple security advisories addressing critical vulnerabilities across several enterprise products, with fixes now available for systems ranging from cloud platforms to data protection appliances. Organizations using affected Dell products are urged to apply patches immediately to mitigate potential security risks.
Two of the most severe advisories carry critical severity ratings, affecting Dell’s APEX Cloud Platform and Secure Connect Gateway products. These vulnerabilities could potentially allow attackers to compromise affected systems, making them high-priority concerns for IT administrators.
APEX Cloud Platform Vulnerabilities
Dell has released DSA-2025-388, addressing multiple third-party component vulnerabilities in both the APEX Cloud Platform for Microsoft Azure and the APEX Cloud Platform Foundation Software. The update remediates hundreds of CVEs spanning various components including Intel security advisories and SUSE Linux vulnerabilities.
Organizations running versions prior to 01.06.01.00 should upgrade to version 01.06.01.00 or later. The affected components include critical infrastructure elements such as PowerEdge Server security updates and numerous SUSE-related vulnerabilities affecting the underlying operating system.
Secure Connect Gateway Under Threat
The Dell Secure Connect Gateway Policy Manager faces two separate critical advisories. DSA-2025-386 addresses vulnerabilities in the REST API, while DSA-2025-391 tackles multiple security issues including flaws in Spring Framework, Java 21, Apache Commons, Apache Tomcat, and Bouncy Castle for Java.
Of particular concern is CVE-2025-36592, a cross-site scripting vulnerability with a CVSS score of 5.4 that could allow unauthenticated attackers with remote access to inject malicious scripts. The Policy Manager appliance requires an update to version 5.32.00.18 or later to address these issues.
High-Severity Updates for Data Protection Products
Dell has issued DSA-2025-404, a high-severity advisory affecting multiple data protection and backup products. The update addresses vulnerabilities in Dell Avamar, NetWorker Virtual Edition, and PowerProtect DP Series Appliance/Integrated Data Protection Appliance.
The affected products include several Avamar configurations running on SUSE Linux Enterprise 12 SP5, including Data Store Gen4T, Data Store Gen5A, Virtual Edition deployments across Azure and AWS, NDMP Accelerator, and VMware Image Backup Proxy. Organizations should apply the latest OS Security Rollup 2025R3 to remediate these issues.
Key vulnerabilities addressed span multiple components including Apache2, kernel modules, GNU Coreutils, OpenPrinting CUPS, Curl, and various libraries such as libarchive, libssh, LibTIFF, and PostgreSQL. The update also includes fixes for Oracle JRE 8u451 vulnerabilities by upgrading to Oracle JRE 8u461.
Additional Security Updates
Two other advisories round out the October 2025 security releases. DSA-2025-338 provides security updates for Dell Data Protection Advisor addressing JDK 8u451 vulnerabilities, while DSA-2025-379 offers medium-severity fixes for Dell Unity, UnityVSA, and Unity XT storage systems.
Recommended Actions for Administrators
Given the critical nature of several advisories, Dell recommends immediate action for affected systems. Administrators should assess whether their deployments are vulnerable by checking product versions against the affected versions listed in each security advisory.
For data protection products, the remediation process involves applying the 2025-R3 security patches. PowerProtect DP Series Appliance customers must first upgrade to version 2.7.9 before applying the security rollup. Organizations can access patches through Dell’s support portal or Dell Customer Support.
System administrators should review authentication logs for any suspicious activity that may have occurred while vulnerabilities were present. Dell emphasizes considering both CVSS base scores and relevant temporal and environmental factors when assessing the potential impact on specific deployments.
Organizations are encouraged to establish a patching schedule that balances security needs with operational requirements, prioritizing critical-rated vulnerabilities for immediate deployment.
All security updates and patches are available through Dell’s support website under the respective product download areas. Detailed remediation instructions, affected version information, and links to patches can be found in each Dell Security Advisory document on the Dell Security Advisories, Notices and Resources page here.
Leave a Reply