CVE-2025-36574
Published: 10 June 2025
Summary
CVE-2025-36574 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Dell Wyse Management Suite. Its CVSS base score is 8.2 (High).
Operationally, ranked in the top 14.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Dell Wyse Management Suite versions prior to WMS 5.2 contain an absolute path traversal vulnerability tracked as CVE-2025-36574. The flaw is classified under CWE-36 and carries a CVSS 3.1 score of 8.2, reflecting network-accessible attack vectors that require no authentication or user interaction.
An unauthenticated remote attacker can exploit the issue to disclose sensitive information and obtain unauthorized access to the affected management platform. The EPSS score remains flat at 0.0262 with no observed rise after disclosure.
Dell has published advisory DSA-2025-226 at the referenced support URL, which addresses the vulnerability in the affected Wyse Management Suite releases.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17754
Vulnerability details
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.