Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-49829

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Published

2025-07-15T20:15:40.093

Last Modified

2025-11-04T22:16:19.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cyberark	conjur	< 1.22.1	Yes
Application	cyberark	conjur	< 13.5.1	Yes
Application	cyberark	conjur	13.6	Yes

References

https://github.com/cyberark/conjur/releases/tag/v1.22.1 Release Notes ([email protected])
https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/07/16/7 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2025/08/08/1 (af854a3a-2127-422b-91ae-364da2661108)