CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Description (NVD)
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.
Analysis (AI)
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that lets an unauthenticated remote attacker read files outside the intended directory without any user interaction; Dell's description lists information disclosure and unauthorized access as the consequences. The CVSS 3.1 base score of 8.2 (High) follows directly from the vector: network attack vector, low complexity, no privileges, no user interaction, unchanged scope, high confidentiality impact, low integrity impact and no availability impact. No CISA KEV listing, EPSS score, or public proof of concept is confirmed in the intelligence available at the time of writing, but an unauthenticated, network-reachable file-read primitive on a device management server warrants prompt patching regardless.
Technical Context (AI)
Absolute Path Traversal (CWE-36) occurs when an application uses a client-supplied file path without confining it to an intended directory, so a request can name any file the process can read simply by giving an absolute path (e.g., /etc/passwd on Linux, or C:\Windows\win.ini on Windows). It differs from relative traversal (CWE-23) in that no "../" sequence is needed: a filter that only strips dot-dot segments, or a path-join routine that silently discards the base directory when the appended component is absolute, leaves the flaw fully intact. In Dell Wyse Management Suite, a remote management platform for Wyse thin client devices, the vulnerability most likely lies in a web interface, API endpoint, or file-serving function that builds a file path from request input without such validation; the published description does not identify the component. The affected stack is the HTTP-based management interface typical of Dell's thin-client management products. The CPE for the affected product is expected to be cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*, with vulnerable versions < 5.2.
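The join-discards-the-base behaviour described above, shown as an added example that is not code from Dell, from WMS, or from this page: a minimal Python file-serving function with the CWE-36 defect beside a hardened version that resolves the candidate path and checks that it stays inside the serving directory. The directory layout, the file names and the read_file_vulnerable / is_within_serve_dir / read_file_hardened helpers are constructed for illustration and say nothing about how WMS is implemented.

```python
import os
import tempfile
from pathlib import Path

# Constructed sandbox so the example runs offline: a fake serving directory
# holding one legitimate file, and a file outside it standing in for
# something sensitive such as /etc/passwd. Neither reflects the WMS layout.
ROOT = Path(tempfile.mkdtemp()).resolve()
SERVE_DIR = ROOT / "downloads"
SERVE_DIR.mkdir()
(SERVE_DIR / "agent.cfg").write_text("agent config\n")
SECRET = ROOT / "secret.txt"
SECRET.write_text("db password\n")


def read_file_vulnerable(user_path: str) -> str:
    """CWE-36 pattern: the request parameter is joined onto the serving
    directory with no validation. os.path.join drops every earlier component
    as soon as it sees an absolute one, so '/etc/passwd' is opened as sent."""
    target = os.path.join(str(SERVE_DIR), user_path)
    with open(target, encoding="utf-8") as fh:
        return fh.read()


def is_within_serve_dir(user_path: str) -> bool:
    """True only if the fully resolved candidate lives under SERVE_DIR.
    Absolute inputs are rejected outright; '..' segments and symlinks that
    point outside are caught by resolving and comparing the common prefix."""
    if os.path.isabs(user_path):
        return False
    candidate = (SERVE_DIR / user_path).resolve()
    return os.path.commonpath([str(SERVE_DIR), str(candidate)]) == str(SERVE_DIR)


def read_file_hardened(user_path: str) -> str:
    """Same operation, with the containment check applied before the open."""
    if not is_within_serve_dir(user_path):
        raise PermissionError(f"refusing to serve {user_path!r}")
    return (SERVE_DIR / user_path).resolve().read_text(encoding="utf-8")


if __name__ == "__main__":
    print(read_file_vulnerable("agent.cfg").strip())   # legitimate request
    print(read_file_vulnerable(str(SECRET)).strip())   # absolute path escapes
    print(is_within_serve_dir(str(SECRET)), is_within_serve_dir("../secret.txt"))
    print(read_file_hardened("agent.cfg").strip())
```

The hardened version rejects absolute input before touching the filesystem and then compares resolved paths rather than string prefixes, so a sibling directory whose name merely begins with the serving directory's name is not accepted either.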
Remediation (AI)
Patch: Upgrade Dell Wyse Management Suite to version 5.2 or later (priority: critical). Obtain the release from Dell's support portal and test it in a non-production environment first, since the WMS server is the check-in point for every managed thin client.

Workaround: Network segmentation and access control. If immediate patching is not feasible, restrict reachability of the WMS web and API interfaces to trusted administrative networks with firewall rules or network segmentation. A WAF helps only if its rules cover absolute paths: signatures that key solely on "../" do not stop CWE-36 input, which needs no dot-dot sequence at all.

Detection: Monitor and log file access patterns. Enable request logging on the web server fronting WMS and file auditing on the underlying OS. Search request parameters, after URL-decoding them (including double-encoded forms), for values that are absolute paths (a leading '/', a drive letter such as 'C:\', or a UNC prefix), for '../' and '..\' sequences, and for references to well-known targets (/etc/passwd, /etc/shadow, win.ini, the application's own configuration files). A 2xx response with a non-empty body to such a request is the strongest indicator that the read succeeded. At the OS level, alert when the WMS service account reads files outside its installation and data directories.

Mitigation: Principle of least privilege for the service account. Run WMS under a dedicated account whose read access is limited to its own installation, data and log directories, so that a path that escapes the intended directory still cannot reach OS credential stores or other applications' secrets. If logs show that sensitive files were read, rotate any credentials those files contained.
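Detection logic of the kind the Detection item describes, as an added example rather than anything from this page or from Dell: a Python scanner run over constructed access-log lines that URL-decodes each query parameter (repeatedly, to defeat double encoding), classifies absolute and relative traversal attempts, and flags which ones received a 2xx response with a body. The /manage/file endpoint and the name parameter are hypothetical placeholders, not the real WMS request, and the log lines are made up for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed combined-format access-log lines. The /manage/file endpoint and
# the 'name' parameter are hypothetical placeholders, not the real WMS request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2025:10:00:01 +0000] "GET /manage/file?name=agent.cfg HTTP/1.1" 200 512
10.0.0.9 - - [01/Jun/2025:10:00:02 +0000] "GET /manage/file?name=/etc/passwd HTTP/1.1" 200 1805
10.0.0.9 - - [01/Jun/2025:10:00:03 +0000] "GET /manage/file?name=%252Fetc%252Fshadow HTTP/1.1" 403 0
10.0.0.9 - - [01/Jun/2025:10:00:04 +0000] "GET /manage/file?name=..%2F..%2Fconf%2Fserver.xml HTTP/1.1" 200 4096
10.0.0.9 - - [01/Jun/2025:10:00:05 +0000] "GET /manage/file?name=C:%5CWindows%5Cwin.ini HTTP/1.1" 200 92
10.0.0.5 - - [01/Jun/2025:10:00:06 +0000] "GET /manage/status HTTP/1.1" 200 20
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
DOTDOT_RE = re.compile(r"(^|/)\.\.(/|$)")   # '..' as a whole path segment
DRIVE_RE = re.compile(r"^[A-Za-z]:/")        # Windows drive-letter root


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double or triple encoding cannot hide a path."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value: str):
    """Return 'absolute-path', 'relative-traversal' or None for one parameter value.
    Backslashes are folded to '/' so Windows and UNC forms (\\\\host\\share -> //host/share)
    are judged by the same rules."""
    v = fully_decode(value).replace("\\", "/")
    if DOTDOT_RE.search(v):
        return "relative-traversal"
    if v.startswith("/") or DRIVE_RE.match(v):
        return "absolute-path"
    return None


def scan_log(text: str) -> list:
    """Parse each line, inspect the request path and every query parameter,
    and return one finding per suspicious value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        checks = []
        # The path itself always starts with '/', so only '..' matters there.
        if DOTDOT_RE.search(fully_decode(parts.path)):
            checks.append(("<path>", parts.path, "relative-traversal"))
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            kind = classify(val)
            if kind:
                checks.append((key, val, kind))
        for key, val, kind in checks:
            findings.append({
                "src": m["src"],
                "target": m["target"],
                "param": key,
                "value": fully_decode(val).replace("\\", "/"),
                "kind": kind,
                "status": int(m["status"]),
                # a 2xx with a body is the signal that the read probably worked
                "likely_success": m["status"].startswith("2") and m["size"] not in ("0", "-"),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        flag = "SUCCESS?" if f["likely_success"] else "blocked"
        print(f'{f["src"]} {f["kind"]:18} {f["param"]}={f["value"]} [{f["status"]} {flag}]')
```

Run as a script it prints one line per flagged request; the double-encoded /etc/shadow attempt is caught only because decoding is repeated, and the drive-letter request is caught only because backslashes are normalised, which are the two gaps a "../"-only signature leaves open.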
EUVD-2025-17754