CVE-2025-49831
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cyberark | conjur | to 1.22.1 (exc) |
| cyberark | conjur | to 13.5.1 (exc) |
| cyberark | conjur | 13.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Secrets Manager, Self-Hosted installations that route traffic to AWS through a misconfigured network device. An attacker can exploit this misconfiguration to reroute authentication requests to a malicious server controlled by the attacker. This could allow the attacker to intercept or manipulate authentication traffic. The issue affects versions prior to 13.5.1 and 13.6.1 for Secrets Manager, Self-Hosted and prior to 1.22.1 for Conjur OSS. Fixed versions are 13.5.1, 13.6.1, and 1.22.1 respectively.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to intercept or redirect authentication requests, potentially leading to unauthorized access or compromise of authentication credentials. This could result in unauthorized access to sensitive secrets or systems managed by Secrets Manager, Self-Hosted.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Secrets Manager, Self-Hosted to version 13.5.1 or 13.6.1, or Conjur OSS to version 1.22.1 or later. Additionally, review and correct any misconfigured network devices that route traffic from Secrets Manager to AWS to prevent rerouting authentication requests to malicious servers.