Platform
other
Component
wyse-management-suite
Fixed in
5.2
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Dell Wyse Management Suite versions prior to 5.2. According to the advisory, a remote, high-privileged attacker could exploit it, leading to server-side request forgery. Affected versions are those earlier than 5.2; Dell has released version 5.2 to address this issue.
In a CSRF attack the attacker does not steal credentials. Instead, a legitimate, already logged-in user is induced (for example by visiting an attacker-controlled page) to have their browser submit a request they never intended, and the browser attaches the user's Wyse Management Suite session cookie automatically. In this case the forged request makes the WMS server itself issue an outbound request to a destination chosen by the attacker, which is the server-side request forgery named in the advisory: the attacker can point the management server at network locations it can reach but the attacker cannot. Because WMS centrally manages thin-client fleets, any unintended action taken in an administrator's session deserves attention, but the advisory's own rating (CVSS 2.7, LOW) indicates limited impact; the documented outcome is a server-initiated request, not takeover of managed devices.
This vulnerability carries a LOW CVSS score of 2.7. No public proof-of-concept (PoC) code had been released as of the publication date, and it is not listed in the CISA KEV catalog. Given the low score, the need for a privileged victim session and the absence of public exploits, the immediate risk of active exploitation is considered low, but patching is still recommended.
Exploit Status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-36576 is to upgrade to Dell Wyse Management Suite version 5.2 or later. Anti-CSRF tokens and request validation inside the product are part of the vendor's fix, not something an operator can retrofit, so interim measures are about reducing exposure rather than closing the flaw. Restrict who can reach the WMS console (network ACLs, VPN or a management network). Keep the number of high-privileged WMS accounts small, and have administrators use a dedicated browser profile for the console and log out when finished, so that no authenticated session exists for a forged request to ride on. Apply egress filtering to the WMS server so that a forged outbound request cannot reach internal services or cloud metadata endpoints. A web application firewall can reject state-changing requests whose Origin or Referer header is not the console's own origin; generic "CSRF attack" signatures, by contrast, are unreliable. Review the web server access logs for POST requests whose Origin or Referer is not the console itself, and the WMS host's outbound connection logs for unexpected destinations.
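The following is an added illustration of the CSRF-to-SSRF chain described above and of the two controls that break it (an Origin check plus a session-bound token on the server, and a destination check before the server makes its outbound request). It is example code written for this page, not code from Dell Wyse Management Suite; the endpoint, session store, cookie name and URLs are hypothetical, and requests are modelled as plain objects so it runs offline without a web framework.

```python
"""Added example: a CSRF-exposed state-changing endpoint beside a hardened one.
Hypothetical model of a management console; not Dell's code."""
import hmac
import ipaddress
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

CONSOLE_ORIGIN = "https://wms.example.internal"  # assumed console origin

# Constructed in-memory session store: cookie value -> session data.
SESSIONS = {
    "sess-admin-1": {"user": "alice", "role": "admin", "csrf": secrets.token_hex(16)},
}


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def _session(req):
    return SESSIONS.get(req.cookies.get("WMSSESSION"))


def set_repository_url_vulnerable(req):
    """Only checks for a privileged session. The victim's browser attaches the
    cookie to a request forged by another site, so the check passes, and the
    server then fetches whatever URL it was handed (the SSRF outcome)."""
    sess = _session(req)
    if req.method != "POST" or sess is None or sess["role"] != "admin":
        return {"status": 403, "reason": "no admin session", "fetched": None}
    url = req.form.get("repository_url", "")
    return {"status": 200, "reason": "ok", "fetched": url}  # server-side fetch would happen here


def _url_is_safe(url):
    """Refuse destinations an attacker would aim an SSRF at: non-HTTPS schemes,
    localhost, and literal IPs in private/loopback/link-local ranges."""
    p = urlparse(url)
    if p.scheme != "https" or not p.hostname:
        return False
    host = p.hostname.lower()
    if host == "localhost":
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: the resolved address must be re-checked at connect time,
        # otherwise DNS rebinding bypasses this filter.
        return True
    return ip.is_global


def set_repository_url_hardened(req):
    sess = _session(req)
    if req.method != "POST" or sess is None or sess["role"] != "admin":
        return {"status": 403, "reason": "no admin session", "fetched": None}
    # CSRF defence 1: the browser sets Origin; a cross-site form cannot spoof it.
    if req.headers.get("Origin") != CONSOLE_ORIGIN:
        return {"status": 403, "reason": "bad origin", "fetched": None}
    # CSRF defence 2: synchronizer token bound to the session, compared in constant time.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return {"status": 403, "reason": "bad csrf token", "fetched": None}
    # SSRF containment: validate the destination before the server fetches it.
    url = req.form.get("repository_url", "")
    if not _url_is_safe(url):
        return {"status": 400, "reason": "destination not allowed", "fetched": None}
    return {"status": 200, "reason": "ok", "fetched": url}


def forged_request():
    """Constructed: what the admin's browser sends after loading an attacker page
    with an auto-submitting form. The cookie rides along; the attacker can neither
    read the session's token nor set Origin to the console's."""
    return Request("POST",
                   cookies={"WMSSESSION": "sess-admin-1"},
                   headers={"Origin": "https://attacker.example"},
                   form={"repository_url": "http://169.254.169.254/latest/meta-data/"})


def legitimate_request():
    """Constructed: a request submitted from the console's own page."""
    return Request("POST",
                   cookies={"WMSSESSION": "sess-admin-1"},
                   headers={"Origin": CONSOLE_ORIGIN},
                   form={"repository_url": "https://repo.example.com/packages/",
                         "csrf_token": SESSIONS["sess-admin-1"]["csrf"]})


if __name__ == "__main__":
    print(set_repository_url_vulnerable(forged_request()))   # accepted, fetches metadata URL
    print(set_repository_url_hardened(forged_request()))     # rejected: bad origin
    print(set_repository_url_hardened(legitimate_request())) # accepted
```

The Origin check alone stops the forged request in modern browsers, but the token is kept as a second, browser-independent control; the destination check is separate from CSRF and limits what an attacker gains if a forged request does get through.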
Update Dell Wyse Management Suite to version 5.2 or later. This update addresses the CSRF vulnerability. See the Dell security advisory for more details and upgrade instructions.
CVE-2025-36576 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Dell Wyse Management Suite versions prior to 5.2; the advisory describes the outcome as server-side request forgery.
You are affected if you are running a Dell Wyse Management Suite version earlier than 5.2. Upgrade to version 5.2 or later to remove the vulnerability.
Upgrade to Dell Wyse Management Suite version 5.2 or later. Until the upgrade is done, limit network access to the console, keep privileged accounts to a minimum, and restrict the server's outbound connections.
There are currently no reports of active exploitation, but proactive patching is still recommended.
Refer to the official Dell Security Advisory for CVE-2025-36576 on the Dell Support website.