CVE-2025-27695

Vulnerability

Dell Wyse Management Suite (WMS) versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. The flaw resides in the proprietary code of the management suite and allows a high-privileged attacker with remote access to bypass authentication mechanisms by spoofing legitimate credentials or session identifiers. The affected versions include all builds of WMS before the 5.1 release [1].

Exploitation

To exploit this vulnerability, an attacker must have high privileges on the network (e.g., administrator or similarly elevated role) and remote access to the WMS instance. The attacker can spoof authentication tokens or impersonate a trusted entity to gain unauthorized entry. The exact sequence of steps is not detailed in the advisory, but the attack requires high privileges and does not require user interaction [1].

Impact

Successful exploitation leads to information disclosure. The attacker can access sensitive data managed by the WMS, such as device configurations, credentials, or other confidential information. The CVSS base score is not explicitly provided for this specific CVE in the reference, but the impact is rated as High by Dell [1].

Mitigation

Dell has addressed this vulnerability in WMS version 5.1. Users should upgrade to WMS 5.1 or later immediately. No workarounds are documented; upgrading is the only mitigation. The advisory does not list this CVE as part of the CISA Known Exploited Vulnerabilities catalog [1].