Severity
Medium
Analysis Summary
CVE-2025-29982 CVSS:6.8
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insecure Inherited Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
CVE-2025-29981 CVSS:7.5
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2025-27694 CVSS:5.3
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2025-27693 CVSS:4.9
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVE-2025-27692 CVSS:4.7
Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution
Impact
- Denial of Service
- Gain Access
- Code Execution
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-29982
CVE-2025-29981
CVE-2025-27694
CVE-2025-27693
CVE-2025-27692
Affected Vendors
- Dell
Affected Products
- Dell Wyse Management Suite WMS 5.1
Remediation
Refer to Dell Security Advisory for patch, upgrade, or suggested workaround information.