Dell Wyse Management Suite, Versionen vor WMS 5.2, enthalten eine Cross-Site Request Forgery (CSRF) Schwachstelle. Ein Angreifer mit hohen Rechten und Remote-Zugriff könnte diese Schwachstelle potenziell ausnutzen.

The CSRF vulnerability allows an attacker to trick a legitimate user into unknowingly executing malicious actions on the Wyse Management Suite server. This could involve unauthorized configuration changes, data manipulation, or other actions that the attacker can trigger through crafted requests. The impact is amplified if the attacker can impersonate a user with high privileges within the management suite, granting them broader control over the system. While the CVSS score is LOW, the potential for server-side request forgery highlights the need for mitigation, especially in environments with sensitive data or critical infrastructure managed by Wyse Management Suite.

Organizations utilizing Dell Wyse Management Suite for centralized device management are at risk, particularly those running versions prior to 5.2. Environments with limited network segmentation or where user accounts have elevated privileges are especially vulnerable.

1. 2025-06-10Disclosure

   disclosure

1. Reserviert2025-04-15
2. Veröffentlicht2025-06-10
3. EPSS aktualisiert2026-03-23

The primary mitigation for CVE-2025-36576 is to upgrade Dell Wyse Management Suite to version 5.2 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing stricter input validation and output encoding on all user-supplied data to prevent the injection of malicious scripts. Implementing robust access controls and multi-factor authentication can also help limit the potential impact of a successful CSRF attack. Regularly review and audit user permissions to ensure least privilege access.