| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.8 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Dell Wyse Management Suite up to 5.1. This affects an unknown function. The manipulation results in authorization. This vulnerability is reported as CVE-2025-36578. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability classified as problematic has been found in Dell Wyse Management Suite up to 5.1. Affected is an unknown functionality. The manipulation with an unknown input leads to a authorization vulnerability. CWE is classifying the issue as CWE-863. The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
The advisory is shared for download at dell.com. This vulnerability is traded as CVE-2025-36578 since 04/15/2025. The exploitability is told to be difficult. It is possible to launch the attack remotely. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 06/12/2025).
The vulnerability scanner Nessus provides a plugin with the ID 238309 (Dell Wyse Management Suite < 5.2 Multiple Vulnerabilities (DSA-2025-226)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 5.2 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (238309). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.dell.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.8
VulDB Base Score: 5.0
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 6.8
CNA Vector (dell): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: AuthorizationCWE: CWE-863 / CWE-285 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 238309
Nessus Name: Dell Wyse Management Suite < 5.2 Multiple Vulnerabilities (DSA-2025-226)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Wyse Management Suite 5.2
Timeline
04/15/2025 🔍06/10/2025 🔍
06/10/2025 🔍
06/12/2025 🔍
Sources
Vendor: dell.comAdvisory: dsa-2025-226
Status: Confirmed
CVE: CVE-2025-36578 (🔍)
GCVE (CVE): GCVE-0-2025-36578
GCVE (VulDB): GCVE-100-312012
Entry
Created: 06/10/2025 19:54Updated: 06/12/2025 16:24
Changes: 06/10/2025 19:54 (63), 06/12/2025 16:24 (2)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.