PT-2025-29613 · Cyberark · Secrets Manager+1
Shahar Tal +1 · Published 2025-07-15 · Updated 2025-08-08 · CVE-2025-49828
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Conjur OSS versions 1.19.5 through 1.21.1
Secrets Manager, Self-Hosted versions 13.1 through 13.4.1
Description
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could exploit an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both Secrets Manager, Self-Hosted and Conjur OSS.
Recommendations
Update Conjur OSS to version 1.21.2 or later.
Update Secrets Manager, Self-Hosted to version 13.5 or later.
Affected Products
Conjur OSS
Secrets Manager