CVE-2025-27582
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| one_identity | password_manager | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Secure Password extension of One Identity Password Manager before version 5.14.4. It allows a local attacker with access to a locked workstation to escalate their privileges to SYSTEM level. The issue stems from a flawed security mechanism in the kiosk browser used to display the Password Self-Service site. The application tries to block privileged actions by overriding the window.print() function to disable the print dialog. However, an attacker can bypass this by using the Help function to navigate to a malicious webpage that restores and invokes the window.print() function. This triggers a SYSTEM-privileged print dialog, from which the attacker can exploit Windows features like Print to PDF or Add Printer wizard to open a command prompt with SYSTEM privileges, gaining full control over the device. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows a local attacker with access to a locked workstation to gain SYSTEM-level privileges. This means the attacker can take full control of the affected device, bypassing all security restrictions, potentially installing malware, accessing sensitive data, or disrupting system operations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the affected One Identity Password Manager version prior to 5.14.4 is in use, especially the Secure Password extension kiosk browser feature. Since the exploit involves JavaScript manipulation of the window.print() function via the Password Self-Service site accessed from the lock screen, monitoring for unusual kiosk browser activity or unexpected print dialog invocations could indicate exploitation attempts. Specific commands are not provided in the resources, but verifying the installed version of One Identity Password Manager and monitoring local workstation activity related to the kiosk browser and print dialogs is recommended. [1]
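The answer above recommends verifying the installed One Identity Password Manager version but names no command. The following PowerShell script is an added example written for this page; it is not from BaseFortify, One Identity, or the cited resource. It reads the standard Windows Uninstall registry keys, picks out entries whose DisplayName looks like the product, and compares the DisplayVersion against the fixed version 5.14.4 stated on the page. The DisplayName pattern and the assumption that the product registers under those Uninstall keys are guesses, since the page does not describe how the installer registers itself; adjust them to match your environment.

```powershell
# Added example (not vendor code): flag One Identity Password Manager installs below 5.14.4.
# Assumption: the product appears under the standard Uninstall keys with a DisplayName that
# contains "One Identity" and "Password Manager". Adjust $NamePattern if yours differs.
$FixedVersion   = [version]'5.14.4'          # fixed version named in the advisory text
$NamePattern    = 'One Identity.*Password Manager'
$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Return every Uninstall entry whose DisplayName matches the assumed product name pattern.
function Get-PasswordManagerInstall {
    Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

# $true  -> version is below 5.14.4 (affected per the advisory)
# $false -> version is 5.14.4 or later
# $null  -> version string could not be parsed; check by hand
function Test-Cve202527582Exposure {
    param([string]$DisplayVersion)
    # Some installers append build tags; keep only the leading dotted number.
    if ($DisplayVersion -notmatch '^(\d+(\.\d+)+)') { return $null }
    return ([version]$Matches[1]) -lt $FixedVersion
}

$installs = Get-PasswordManagerInstall
if (-not $installs) {
    Write-Output 'No One Identity Password Manager entry found under the Uninstall keys.'
} else {
    foreach ($i in $installs) {
        $vulnerable = Test-Cve202527582Exposure -DisplayVersion $i.DisplayVersion
        if ($null -eq $vulnerable) {
            $status = 'version string not parseable - verify manually'
        } elseif ($vulnerable) {
            $status = 'below 5.14.4 - upgrade required (CVE-2025-27582)'
        } else {
            $status = '5.14.4 or later - fixed'
        }
        Write-Output ('{0} {1}: {2}' -f $i.DisplayName, $i.DisplayVersion, $status)
    }
}
```

Run it in an elevated PowerShell session on each workstation that has the Secure Password extension deployed, or wrap it in your endpoint management tool's script runner to collect results fleet-wide. A missing entry does not prove the product is absent (per-user installs and custom installers may register elsewhere), so treat "not found" as a prompt to confirm rather than as a clean result.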
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading One Identity Password Manager to version 5.14.4 or later, where this vulnerability is fixed. Additionally, restricting access to the Password Self-Service site from the lock screen or disabling the kiosk browser feature until the patch is applied can reduce risk. Monitoring and limiting local access to locked workstations can also help prevent exploitation. [1]