CVE-2025-13532
Unknown Unknown - Not Provided

Weak Password Hash Algorithm in Fortra BoKS Server Agent

Vulnerability report for CVE-2025-13532, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: Fortra

Description

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. Β This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-16
Last Modified
2025-12-16
Generated
2026-07-06
AI Q&A
2025-12-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
fortra core_privileged_access_manager 8.1
fortra core_privileged_access_manager 9.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-916 The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves insecure default settings in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS). Specifically, it can cause the system to select weak password hash algorithms, which reduces the security of stored passwords. It affects BoKS Server Agent 9.0 instances that support yescrypt and operate within a BoKS 8.1 domain.

Impact Analysis

The impact of this vulnerability is that weak password hash algorithms may be used, making it easier for attackers with local access to compromise password hashes. This can lead to unauthorized access to privileged accounts or sensitive systems, potentially resulting in data breaches or other security incidents.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13532. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart