CVE-2025-49829

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49829
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/cyberark/conjur/releases/tag/v1.22.1 Release Notes
https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cyberark:conjur:*:*:*:*:open_source:*:*:*
cpe:2.3:a:cyberark:conjur:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:cyberark:conjur:13.6:*:*:*:enterprise:*:*:*
History

11 Sep 2025, 20:35

Type Values Removed Values Added
CPE cpe:2.3:a:cyberark:conjur:*:*:*:*:open_source:*:*:*
cpe:2.3:a:cyberark:conjur:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:cyberark:conjur:13.6:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
First Time Cyberark
Cyberark conjur
References () https://github.com/cyberark/conjur/releases/tag/v1.22.1 - () https://github.com/cyberark/conjur/releases/tag/v1.22.1 - Release Notes
References () https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r - () https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r - Vendor Advisory

16 Jul 2025, 14:59

Type Values Removed Values Added
Summary
  • (es) Conjur proporciona gestión de secretos e identidad de aplicaciones para la infraestructura. La falta de validaciones en Secrets Manager, Self-Hosted, permite a atacantes autenticados inyectar recursos en la base de datos y eludir las comprobaciones de permisos. Este problema afecta a Secrets Manager, Self-Hosted (anteriormente Conjur Enterprise) en versiones anteriores a la 13.5.1 y 13.6.1, y a Conjur OSS en versiones anteriores a la 1.22.1. Conjur OSS en la versión 1.22.1 y Secrets Manager, Self-Hosted en las versiones 13.5.1 y 13.6.1 solucionan el problema.

15 Jul 2025, 21:15

Type Values Removed Values Added
References
  • () https://github.com/cyberark/conjur/releases/tag/v1.22.1 -

15 Jul 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-15 20:15

Updated : 2025-09-11 20:35

NVD link : CVE-2025-49829

Mitre link : CVE-2025-49829

CVE.ORG link : CVE-2025-49829

JSON object : View

Products Affected

cyberark

  • conjur
CWE
CWE-862

Missing Authorization