Cyber Resilience

CVE-2025-36574

High

Published: 10 June 2025

Published
10 June 2025
Modified
11 July 2025
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS Score 0.0262 86.0th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-36574 is a high-severity Absolute Path Traversal (CWE-36) vulnerability in Dell Wyse Management Suite. Its CVSS base score is 8.2 (High).

Operationally, ranked in the top 14.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Dell Wyse Management Suite versions prior to WMS 5.2 contain an absolute path traversal vulnerability tracked as CVE-2025-36574. The flaw is classified under CWE-36 and carries a CVSS 3.1 score of 8.2, reflecting network-accessible attack vectors that require no authentication or user interaction.

An unauthenticated remote attacker can exploit the issue to disclose sensitive information and obtain unauthorized access to the affected management platform. The EPSS score remains flat at 0.0262 with no observed rise after disclosure.

Dell has published advisory DSA-2025-226 at the referenced support URL, which addresses the vulnerability in the affected Wyse Management Suite releases.

EU & UK References

Vulnerability details

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

dell
wyse management suite
≤ 5.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References