CVE-2025-36574

{"id": "CVE-2025-36574", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2025-06-10T18:15:30.883", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000325679/dsa-2025-226", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-36"}]}], "descriptions": [{"lang": "en", "value": "Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access."}, {"lang": "es", "value": "Dell Wyse Management Suite, versiones anteriores a WMS 5.2, contiene una vulnerabilidad de Path Traversal absoluto. Un atacante no autenticado con acceso remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la divulgaci\u00f3n de informaci\u00f3n y el acceso no autorizado."}], "lastModified": "2025-07-11T15:25:29.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:wyse_management_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E13E26-D252-4083-9724-7812D40AD432", "versionEndExcluding": "5.2"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}