CVE-2025-36576
Description
Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CSRF vulnerability in Dell Wyse Management Suite versions prior to 5.2 allows a high-privileged remote attacker to perform Server-Side Request Forgery.
Vulnerability
Dell Wyse Management Suite (WMS) versions prior to 5.2 contain a Cross-Site Request Forgery (CSRF) vulnerability ([1]). The CSRF flaw resides in the proprietary code of the management suite and can be triggered when a high-privileged user interacts with a crafted request.
Exploitation
An attacker with remote access and high privileges (e.g., administrator) can exploit the CSRF vulnerability by tricking a victim into performing an unintended action. The attacker must craft a malicious request that the victim's browser executes while authenticated to the WMS, potentially enabling further server-side operations.
Impact
Exploitation of this CSRF vulnerability leads to Server-Side Request Forgery (SSRF). An attacker can leverage the victim's session to force the WMS server to make unauthorized requests to internal or external systems, potentially leading to information disclosure or further compromise of the network.
Mitigation
Dell has addressed this vulnerability in WMS version 5.2 and recommends updating to that version or later ([1]). No workarounds are documented in the available references.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.2
- Range: N/A
Patches
No patches discovered yet.
References
- [1] www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226 (mitre, vendor-advisory)