Impact
The vulnerability is an improper link resolution before file access ("link following") flaw in Dell Wyse Management Suite (WMS). An attacker with only low local privileges can craft a request that causes the WMS component to resolve maliciously constructed links, allowing it to read, delete, or overwrite files that the attacker is not authorized to access. Because the flaw lies in path resolution, it is triggered through operations that resolve directory references in a way that bypasses normal security checks, leading to unauthorized information disclosure or modification of system files. The weakness is identified as CWE-59, a path manipulation issue that can directly compromise the confidentiality and integrity of data on the targeted device.
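The CWE-59 pattern described above, as an added example that is not WMS code (the page does not describe WMS internals): a write that resolves a planted link, next to a hardened write that refuses it. The function names, file names and the POSIX setting are assumptions made for illustration.

```python
import os
import stat
import tempfile

def naive_write(path, data):
    """Vulnerable pattern: open() resolves any link at `path` before writing."""
    with open(path, "wb") as fh:
        fh.write(data)

def safe_write(base_dir, name, data):
    """Hardened pattern: never follow a link in the final path component."""
    if name in ("", ".", "..") or os.path.basename(name) != name:
        raise ValueError("name must be a single path component")
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # O_NOFOLLOW makes the open fail (ELOOP) if `name` is a symlink.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW,
                     0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    try:
        st = os.fstat(fd)
        # Check the object actually opened, not the path, so there is no TOCTOU gap.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("refusing non-regular or hard-linked file")
        os.ftruncate(fd, 0)  # truncate only after the checks have passed
        os.write(fd, data)
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: a user-writable work dir that holds a planted link."""
    root = tempfile.mkdtemp()
    protected = os.path.join(root, "protected.cfg")  # stands in for an off-limits file
    work = os.path.join(root, "work")
    os.mkdir(work)
    naive_write(protected, b"original")
    os.symlink(protected, os.path.join(work, "report.log"))
    try:
        safe_write(work, "report.log", b"data")
        blocked = False
    except OSError:
        blocked = True
    after_safe = open(protected, "rb").read()
    naive_write(os.path.join(work, "report.log"), b"data")
    return blocked, after_safe, open(protected, "rb").read()

if __name__ == "__main__":
    print(demo())
```

The hardened path only covers the final component; a privileged service should also keep its working directories non-writable by low-privileged users so that intermediate components cannot be swapped.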
Affected Systems
Dell Wyse Management Suite (WMS) versions prior to 2605 are affected. Any instance of WMS that has not been upgraded to version 2605 or later exposes users to this risk.
Risk and Exploitability
The CVSS score is 7.8, indicating high severity. The EPSS score is not available, so the precise exploitation probability cannot be quantified, but the flaw carries a moderate to high risk of exploitation because it requires only local access and no elevated privileges. The vulnerability is not included in the CISA KEV catalog, which suggests that it has not yet been widely exploited in the wild. Nevertheless, a local, authorized attacker can achieve unauthorized file access, which could provide a foothold for further compromise if additional privileges exist on the system. The likely attack vector is local: the attacker must be able to access the WMS process on the host to trigger the link resolution flaw.