CVE-2025-36574

| EUVD-2025-17754 HIGH
2025-06-10 [email protected]
8.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17754
CVE Published
Jun 10, 2025 - 18:15 nvd
HIGH 8.2

Tags

Authentication Bypass Information Disclosure Path Traversal Dell Wyse Management Suite

Description

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.

Analysis

Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.

Technical Context

Absolute Path Traversal (CWE-36) occurs when an application fails to properly validate or sanitize file path inputs, allowing attackers to reference files outside intended directories using absolute paths (e.g., /etc/passwd on Unix systems). In Dell Wyse Management Suite—a remote management platform for Wyse thin client devices—the vulnerability likely exists in a web interface, API endpoint, or file serving mechanism that constructs file paths from user input without validation. The affected technology stack typically involves HTTP-based management interfaces common to Dell enterprise thin-client solutions. CPE designation would be 'cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*' with vulnerable versions <5.2.

Affected Products

Wyse Management Suite (All versions prior to 5.2)

Remediation

patch: Upgrade Dell Wyse Management Suite to version 5.2 or later; priority: critical; details: Apply the latest security patch from Dell's support portal. Organizations should test patches in non-production environments before enterprise deployment to ensure compatibility with existing thin-client configurations. workaround: Network segmentation and access control; details: If immediate patching is not feasible, restrict network access to the Wyse Management Suite administrative interfaces using firewall rules, WAF policies, or network segmentation. Limit access to trusted administrative networks only. detection: Monitor and log file access patterns; details: Enable detailed logging on the WMS application and underlying OS. Search for suspicious path traversal patterns in logs (e.g., sequences containing '../', absolute paths, or unusual file requests). Monitor for unexpected file access attempts to sensitive locations (/etc, /proc, application config directories). mitigation: Principle of least privilege for service accounts; details: Ensure the Wyse Management Suite application runs with minimal file system permissions, limiting the scope of files accessible via path traversal exploitation.

Priority Score

42
Low Medium High Critical
KEV: 0
EPSS: +1.2
CVSS: +41
POC: 0

Share

CVE-2025-36574 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy