25.11.10.42 - November 2025, Feature
There have been a number of enhancements, security fixes, bug fixes, and a deprecation for this release.
Enhancements
- A number of updates have been made to the eSIM support:
  - Support for bootstrap profiles. Traffic on the bootstrap profile is restricted to the following connections to allow for carrier profiles to be uploaded:

    | Host | Allowed connections |
    |---|---|
    | Digi Remote Manager | edp12.devicecloud.com, proxy.devicecloud.com, test.idigi.com, tm1.idigi.com, dm1.devicecloud.com, dm2.devicecloud.com |
    | NTP | time.devicecloud.com |
    | Kigen | eim-production-0.kigen.com |

  - Support for eSIM profile failover when making a cellular connection has been added. The device will attempt to make a connection using each profile on the eSIM until a successful cellular connection is established, with the bootstrap profile being the last profile to be used.
  - eSIM information including profiles is now included in the Query State information. The information is pushed up to Digi Remote Manager on change rather than waiting for the next upload interval.
- The Wi-Fi WPA3 Enterprise support has been updated with a new WPA3-192 security option to support better compatibility.
  The original WPA3 Enterprise security setting has been updated to use 128-bit WPA3.
  The new WPA3-192 Enterprise security setting uses 192-bit WPA3.
  Note: Users currently using the WPA3 Enterprise setting will be migrated to the new WPA3-192 setting.
- The configuration support has been updated to minimize the CPU and memory utilization on the device.
- The Web UI has been updated to reduce the time taken to load pages.
- A REST API has been added to allow the query state information to be retrieved directly from the device.
- A new option has been added to configure which interface to use for Digi Remote Manager connections.
  The new configuration is cloud > drm > drm_interface <interface>.
- The IPsec support has been updated as follows:
  - The IPsec peer configuration has moved from vpn > ipsec > tunnels > name > remote > hostnames to vpn > ipsec > tunnels > name > remote > peers.
  - The peer selection configuration parameter has changed from vpn > ipsec > tunnels > name > remote > hostname_selection to vpn > ipsec > tunnels > name > remote > peer_selection.
  - A new weighted round-robin algorithm has been added to allow certain peers to be more likely to be used.
  - An individual peer ID can now be configured for each peer if required.
  - The IPsec certificate and key settings have been made private so that it is not possible to read the values once they have been entered.
- The SNMP trap support has been updated to allow the hostname to be used when sending a trap. The default is to use the MAC address.
- The local Web UI link to documentation has been updated to use the new Digi Cellular and Networking documentation portal.
- The following new T-Mobile IOT APNs have been added to the APN list:
  - iot.cc
  - static.iot
  - static.iot.t-mobile.com
- The priority of the AT&T broadband and Verizon vzwinternet APNs has been increased so that they are attempted first when using the built-in APN list.
- The firmware update process, when used via the CLI or Web UI, has been updated to check for a minimum firmware version to help users update to a required intermediate firmware version first.
Security fixes
Package updates will include all security updates for the stated release, unless stated otherwise.
- The Linux kernel has been updated to 6.12.46 [DAL-11496]
- The OpenSSL package has been updated to v3.5.4 [DAL-12433]
  - CVE-2025-9230 CVSS Score: 7.5 High
  - CVE-2025-9231 CVSS Score: 6.5 Medium
  - CVE-2025-9232 CVSS Score: 5.9 Medium
- The expat library has been updated to v2.7.3 [DAL-12434]
  - CVE-2025-59375 CVSS Score: 7.5 High
- The jerryscript package has been updated to version 3.0.0 [DAL-12398]
- The glib library has been updated to v2.86.0 [DAL-11997]
  - CVE-2025-6052 CVSS Score: 7.5 High
  - CVE-2025-7039 CVSS Score: 3.7 Low
- The procps package has been updated to v4.0.5 [DAL-11961]
  - CVE-2018-1121 CVSS Score: 5.9 Medium
  - CVE-2023-4016 CVSS Score: 3.3 Low
- The Linux PAM library has been updated to v1.7.1 [DAL-11972]
  - CVE-2020-27780 CVSS Score: 9.8 Critical
  - CVE-2022-28321 CVSS Score: 9.8 Critical
  - CVE-2024-22365 CVSS Score: 5.5 Medium
  - CVE-2025-6020 CVSS Score: 7.8 High
- The sqlite package has been updated to v3.50.4 [DAL-11945]
  - CVE-2025-6965 CVSS Score: 7.2 High
- An issue with TACACS+ accepting unauthenticated replies has been resolved. [DAL-12391]
Bug fixes
- The following issues with the Query State support have been resolved:
  - Gaps in the SureLink RTT value being reported. [DAL-12451]
  - Query state data not being uploaded to Digi Remote Manager for a period of time. [DAL-12539]
- An issue with configured scripts not starting at boot-up has been resolved. [DAL-11743]
- The following issues with IPsec have been resolved:
  - A missing firewall rule was causing packets to be dropped. [DAL-11998, DAL-12113]
  - The internal Linux interface name was being reported instead of the DAL interface name in the Query State information. [DAL-12046]
  - Using Default route as the local endpoint and not acting as the initiator would prevent the IPsec tunnel from coming up. [DAL-11361]
- An issue with IX40 and TX40 occasionally not getting an IPv4 address when using a 5G multi-slice SIM has been resolved. [DAL-12258]
- The following issues with WAN Bonding have been resolved:
  - The WAN Bonding status not being reported in the Query State information. [DAL-12298]
  - The WAN Bonding server IP address being incorrectly displayed in the show wan-bonding command. [DAL-12173]
  - The interface used to connect to Digi Remote Manager when using WAN Bonding was being incorrectly displayed. [DAL-10738]
- An issue where Digi Remote Manager cannot access files via symbolic links to files in directories that Digi Remote Manager cannot access has been resolved. [DAL-12292]
- An issue where ModemManager can be unintentionally disabled when a modem is being updated has been resolved. [DAL-12285]
- An issue where a serial port Rx displays 0 if no signals are active has been resolved. [DAL-12281]
- An issue with cellular related events not being sent to remote syslog servers has been resolved. [DAL-12209]
- A memory leak experienced when accessing the runt table in the Accelerated MIB has been resolved. [DAL-12176]
- An issue with the WireGuard client on Windows 10 has been resolved. [DAL-12083]
- An issue where the cellular module would not initialize if the modem match setting was set to “any” has been resolved. [DAL-11942]
- An issue with Python scripts using the threading module where a NoneType exception was being unexpectedly thrown has been resolved. [DAL-10521]
- An issue with the auto APN support for AT&T where a blank APN could be used has been resolved. [DAL-12558]
- An issue with Wi-Fi where the WPA supplicant process was not terminated correctly has been resolved. [DAL-12554]
- An error message that was being displayed regarding disabled interfaces when running a SpeedText on Digi Remote Manager over a specific interface has been resolved. [DAL-12447]
- Excessive debug messages related to the scheduling of scripts have been removed. [DAL-12578]
Deprecations
1. The health metrics support has been removed from DAL. [DAL-9683]