CVE-2025-26817

Name of the Vulnerable Software and Affected Versions Netwrix Password Secure version 9.2.0.32454

Description The issue allows OS command injection, which can lead to authenticated remote code execution. This means an attacker could potentially execute system commands on a vulnerable system, allowing them to perform unauthorized actions. The estimated number of potentially affected devices worldwide is not specified. There is mention of real-world incidents where this issue was exploited, but details are not provided. Technical details about exploitation include the ability to inject OS commands, but specific API endpoints, vulnerable parameters, or function names are not mentioned.

Recommendations For Netwrix Password Secure version 9.2.0.32454, consider disabling any functionality that allows OS command execution until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. Avoid using any features that may be vulnerable to OS command injection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.