CVE-2025-52493
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-52493, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2025-12-12

Assigner: MITRE

Description

PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2025-12-12
Generated
2026-07-06
AI Q&A
2025-12-10
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
pagerduty pagerduty *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in PagerDuty Runbook allows stored secrets to be exposed directly in the webpage DOM on the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by changing the input field type from "password" to "text" using browser developer tools. This can be exploited by administrative users who have access to the configuration page.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of sensitive secrets if an administrative user with access to the configuration page intentionally or accidentally reveals the stored secrets. This could compromise security by exposing credentials or other confidential information stored in the configuration.

Mitigation Strategies

Since the vulnerability exposes stored secrets in the webpage DOM on the configuration page accessible by administrative users, immediate mitigation steps include restricting administrative access to the configuration page, avoiding use of the affected PagerDuty Runbook versions through 2025-06-12, and monitoring for updates or patches from PagerDuty to fix this issue. Additionally, educate administrators to avoid revealing password fields by modifying input types in browser developer tools.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52493. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart