Unrated severity · NVD Advisory · Published Apr 2, 2025 · Updated Apr 10, 2025

CVE-2025-27692

Description

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Wyse Management Suite prior to WMS 5.1 has an unrestricted file upload vulnerability allowing a high-privileged remote attacker to achieve denial of service, information disclosure, or remote code execution.

Vulnerability

CVE-2025-27692 is an Unrestricted Upload of File with Dangerous Type vulnerability in Dell Wyse Management Suite (WMS) versions prior to WMS 5.1 [1]. The flaw resides in proprietary code components where the application does not properly validate or restrict the types of files that can be uploaded by authenticated users. A high-privileged attacker (e.g., an administrator-level user) can upload a malicious file, such as a web shell or executable, to the server. The affected versions are all WMS releases before version 5.1.

Exploitation

To exploit this vulnerability, an attacker needs remote access to the WMS instance and must possess high privileges (e.g., administrator credentials). No user interaction is required beyond the attacker's own actions. The attacker can directly upload a crafted file containing dangerous content (such as a script or binary) to the application's upload endpoint. The server then stores the file and may execute it in the context of the WMS application, depending on the server configuration.

Impact

A successful exploit can lead to multiple severe outcomes: denial of service (by consuming server resources or crashing services), information disclosure (by reading sensitive files or data accessible to the WMS process), and remote code execution (by executing arbitrary commands or binaries on the underlying server). The attacker gains the ability to compromise the confidentiality, integrity, and availability of the WMS system and potentially the managed thin clients.

Mitigation

Dell has addressed this vulnerability in WMS version 5.1. Users should upgrade to WMS 5.1 or later immediately [1]. No workarounds have been published. Administrators should review and restrict file upload permissions and monitor for unusual file activity if upgrading is not immediately possible. The CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
