Impact
The Dell Wyse Management Suite contains an improper limitation of a pathname to a restricted directory vulnerability that can be leveraged by an attacker with high privileges to execute arbitrary code on the host. The weakness is a classic path-traversal flaw (CWE-22), which arises when untrusted input is resolved to a file location without sufficiently constraining the path. Successful exploitation could compromise the confidentiality, integrity, and availability of the managed systems, potentially allowing a remote attacker to install malware or move laterally within the environment.
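The following added example illustrates the CWE-22 weakness class in general; it is not code from Dell Wyse Management Suite, and the advisory does not disclose the affected code path. It contrasts an incomplete string-prefix check with a canonicalise-then-contain check; the directory names and sample inputs are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path


def prefix_check(base: Path, user_path: str) -> bool:
    """Incomplete fix: normalise, then compare string prefixes."""
    joined = os.path.normpath(os.path.join(base, user_path))
    return joined.startswith(str(base))


def resolve_contained(base: Path, user_path: str) -> Path:
    """Hardened: canonicalise, then require the result to stay under base."""
    root = base.resolve()
    # resolve() collapses ".." and follows symlinks before the check runs.
    candidate = (root / user_path).resolve()
    # Compare path components, not string prefixes, so a sibling such as
    # "<root>-backup" is not mistaken for a child of root.
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return candidate


def run_demo() -> dict:
    """Return {case: (prefix_check result, contained result)} for constructed inputs."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp, "repo")              # hypothetical file repository root
        (base / "images").mkdir(parents=True)
        Path(tmp, "repo-backup").mkdir()      # sibling sharing a string prefix
        samples = {                           # constructed sample inputs
            "normal": "images/thin-client.img",
            "dotdot": "images/../../outside.txt",
            "absolute": os.path.join(tmp, "outside.txt"),
            "sibling_prefix": "../repo-backup/file.txt",
        }
        for name, raw in samples.items():
            try:
                resolve_contained(base, raw)
                contained = True
            except PermissionError:
                contained = False
            results[name] = (prefix_check(base, raw), contained)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:15} prefix_check={outcome[0]!s:5} contained={outcome[1]}")
```

The `sibling_prefix` case is the one to watch: the string-prefix check accepts it, while the component-wise containment check rejects it.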
Affected Systems
This issue affects all Dell Wyse Management Suite releases prior to version 5.5 HF1. Systems running earlier builds are vulnerable; newer releases (starting with 5.5 HF1) contain the remediation. Only the WMS product is listed, and no additional affected vendors or products are identified.
Risk and Exploitability
The vulnerability has a CVSS score of 7.2, indicating high severity. The EPSS score is currently unavailable, so an exact exploitation probability cannot be quantified; the risk profile depends heavily on the presence of a high-privileged remote attacker. The vulnerability is not listed in CISA's KEV catalog. An attacker who can connect remotely to the Management Suite and holds elevated privileges could exploit the path traversal to execute code, as described in the advisory. No known public exploits are reported, but the potential remains if configuration or privilege controls are lax.
OpenCVE Enrichment