CVE-2025-49831

Critical CVSS: 9.1

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Vendor

Cyberark

Product

Conjur

CWE

CWE-287

Yayın Tarihi

2025-07-15 21:15:31

Güncelleme

2025-11-04 22:16:19

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-287 Conjur CRITICAL Cyberark 2025

Referanslar

https://github.com/cyberark/conjur/releases/tag/v1.22.1 https://github.com/cyberark/conjur/security/advisories/GHSA-952q-mjrf-wp5j http://www.openwall.com/lists/oss-security/2025/07/16/7 http://www.openwall.com/lists/oss-security/2025/08/08/1

Benzer Kayıtlar

High

CVE-2026-2914

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation le…

High

CVE-2025-66374

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through po…

Medium

CVE-2025-49829

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager,…

High

CVE-2025-49830

Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to…

Critical

CVE-2025-49827

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.…

High

CVE-2025-49828

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.…