CVE-2025-36575
Description
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dell Wyse Management Suite prior to WMS 5.2 exposes sensitive information through data queries, allowing an unauthenticated remote attacker to achieve information disclosure.
Vulnerability
Dell Wyse Management Suite versions prior to WMS 5.2 contain an Exposure of Sensitive Information Through Data Queries vulnerability. The flaw exists in the proprietary code of the management suite and can be triggered without authentication or user interaction: the CVSS vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates network-based exploitation with low complexity and no privileges required [1].
Exploitation
An unauthenticated attacker with remote network access can exploit this vulnerability by sending specially crafted queries to the vulnerable endpoint. No prior authentication or user interaction is required. The precise query mechanism is not disclosed in the available references, but the CVSS score and description confirm that the attack can be launched remotely over the network without any special privileges [1].
Impact
Successful exploitation leads to unauthorized disclosure of sensitive information stored or handled by the WMS application. The CVSS confidentiality impact is rated as High, while integrity and availability impacts are None. This means an attacker can read confidential data but cannot modify or delete it. The scope remains unchanged, so the attacker does not gain access to other system components [1].
Mitigation
Dell released WMS version 5.2 as the fixed version to address this vulnerability. Customers are advised to upgrade to WMS 5.2 or later. The official advisory (DSA-2025-226) recommends applying the update as soon as possible. No workarounds have been disclosed by Dell for this specific CVE [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.2
- Range: N/A
Patches
No patches discovered yet.
References
- www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 (mitre, vendor-advisory)