CVE-2025-27694

Vulnerability

CVE-2025-27694 is an insufficient resource pool vulnerability in Dell Wyse Management Suite (WMS) versions prior to 5.1 [1]. The vulnerability exists in proprietary code, where the resource pool management does not adequately limit concurrent connections or resource consumption, making the system susceptible to resource exhaustion.

Exploitation

An unauthenticated attacker with remote network access can exploit this vulnerability by sending a flood of requests or specially crafted data that exhausts the server's resource pool [1]. No authentication, user interaction, or special privileges are required, and the attack can be conducted over the network.

Impact

Successful exploitation leads to a denial of service (DoS) condition, where WMS becomes unresponsive or unable to process legitimate requests [1]. The CVSS v3.1 base score is 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating a low availability impact with no confidentiality or integrity loss.

Mitigation

The vulnerability is fixed in Dell Wyse Management Suite version 5.1, which was released on or before the advisory date of April 2, 2025 [1]. Users should update to WMS 5.1 or later. No workarounds are provided, and the advisory does not list this CVE in CISA's Known Exploited Vulnerabilities (KEV) catalog.