CVE-2025-36574 – Dell Wyse Management Suite versions before 5.2 ... (How to Fix)

Q: What is the severity of CVE-2025-36574?

CVE-2025-36574 has a CVSS score of 8.2 (HIGH). Dell Wyse Management Suite versions before 5.2 contain an absolute path traversal vulnerability that allows unauthenticated remote attackers to access files outside intended directories. This can lead to information disclosure and unauthorized access to sensitive system files. Organizations using Dell Wyse Management Suite for thin client management are affected.

📋 TL;DR

Dell Wyse Management Suite versions before 5.2 contain an absolute path traversal vulnerability that allows unauthenticated remote attackers to access files outside intended directories. This can lead to information disclosure and unauthorized access to sensitive system files. Organizations using Dell Wyse Management Suite for thin client management are affected.

💻 Affected Systems

Products:

Dell Wyse Management Suite

Versions: All versions prior to WMS 5.2

Operating Systems: Windows Server (primary deployment platform)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all deployments of Dell Wyse Management Suite before version 5.2 regardless of configuration.

📦 What is this software?

Wyse Management Suite by Dell

View all CVEs affecting Wyse Management Suite →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through access to sensitive configuration files, credentials, or system files leading to lateral movement across the network.

🟠

Likely Case

Information disclosure of sensitive configuration data, user credentials, or proprietary information stored in accessible directories.

🟢

If Mitigated

Limited impact due to network segmentation, proper access controls, and monitoring that detects traversal attempts.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing instances extremely vulnerable to automated attacks.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to the management interface.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity, especially with unauthenticated access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WMS 5.2 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226

Restart Required: Yes

Instructions:

1. Download Dell Wyse Management Suite version 5.2 or later from Dell Support. 2. Backup current configuration and data. 3. Run the installer to upgrade. 4. Restart the Wyse Management Suite service or server as required.

🔧 Temporary Workarounds

Network Access Restriction

windows

Restrict network access to Wyse Management Suite to only trusted IP addresses or internal networks

Use firewall rules to limit access: netsh advfirewall firewall add rule name="Restrict WMS" dir=in action=allow protocol=TCP localport=8443 remoteip=192.168.1.0/24

Web Application Firewall

all

Deploy WAF rules to block path traversal patterns in HTTP requests

🧯 If You Can't Patch

Isolate the Wyse Management Suite server in a segmented network with strict access controls
Implement comprehensive monitoring and alerting for any file access attempts outside normal patterns

🔍 How to Verify

Check if Vulnerable:

Check the Wyse Management Suite version in the web interface under Help > About, or check installed programs in Windows Control Panel

Check Version:

In Windows: wmic product where "name like 'Dell Wyse Management Suite%'" get version

Verify Fix Applied:

Verify version is 5.2 or later in the web interface, and test that path traversal attempts are properly blocked

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing '../' or '..\' patterns in URLs
Access to files outside expected directories in web server logs
Unauthenticated requests to sensitive file paths

Network Indicators:

Unusual file access patterns to the Wyse Management Suite web interface
Multiple failed traversal attempts from single sources

SIEM Query:

source="*wms*" AND (url="*../*" OR url="*..\\*" OR status=403 OR status=404) AND NOT user_agent="*bot*"

📊 Metadata

CVE ID: CVE-2025-36574

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE: CWE-36

EPSS Score: 0.74% exploit probability (72.4th percentile)

Published: June 10, 2025

Last Updated: July 11, 2025

🔗 References

https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-36574, you might also want to check these: