Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
6DescriptionCVE.org
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.
AnalysisAI
Dell Wyse Management Suite versions prior to 5.2 contain an Absolute Path Traversal vulnerability (CWE-36) that allows unauthenticated remote attackers to read arbitrary files and gain unauthorized access without user interaction. The CVSS 8.2 score reflects high confidentiality impact and low integrity impact, with network-based attack vector requiring no privileges or interaction. No KEV/CISA active exploitation data, EPSS score, or public POC is currently confirmed in available intelligence, but the unauthenticated remote nature and path traversal primitive warrant immediate patching.
Technical ContextAI
Absolute Path Traversal (CWE-36) occurs when an application fails to properly validate or sanitize file path inputs, allowing attackers to reference files outside intended directories using absolute paths (e.g., /etc/passwd on Unix systems). In Dell Wyse Management Suite—a remote management platform for Wyse thin client devices—the vulnerability likely exists in a web interface, API endpoint, or file serving mechanism that constructs file paths from user input without validation. The affected technology stack typically involves HTTP-based management interfaces common to Dell enterprise thin-client solutions. CPE designation would be 'cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*' with vulnerable versions <5.2.
RemediationAI
patch: Upgrade Dell Wyse Management Suite to version 5.2 or later; priority: critical; details: Apply the latest security patch from Dell's support portal. Organizations should test patches in non-production environments before enterprise deployment to ensure compatibility with existing thin-client configurations. workaround: Network segmentation and access control; details: If immediate patching is not feasible, restrict network access to the Wyse Management Suite administrative interfaces using firewall rules, WAF policies, or network segmentation. Limit access to trusted administrative networks only. detection: Monitor and log file access patterns; details: Enable detailed logging on the WMS application and underlying OS. Search for suspicious path traversal patterns in logs (e.g., sequences containing '../', absolute paths, or unusual file requests). Monitor for unexpected file access attempts to sensitive locations (/etc, /proc, application config directories). mitigation: Principle of least privilege for service accounts; details: Ensure the Wyse Management Suite application runs with minimal file system permissions, limiting the scope of files accessible via path traversal exploitation.
More in Wyse Management Suite
View allRemote code execution affects Dell Wyse Management Suite in all versions prior to WMS 5.5 HF1, stemming from the applica
Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticat
Dell Wyse Management Suite versions prior to 5.5 suffer from improper access controls that allow authenticated remote at
Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. Rated high sever
Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Rated high severity (CVS
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Querie
A information disclosure vulnerability in an Exposure of Sensitive Information (CVSS 7.5). High severity vulnerability r
Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. Rated high severity (
Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 whi
Remote code execution in Dell Wyse Management Suite (versions prior to WMS 5.5 HF1) is reachable through a path traversa
Remote code execution in Dell Wyse Management Suite versions before 5.5 via unrestricted file upload allows high-privile
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Atte
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17754