PT-2025-51782 · Fortra · Fortra Core Privileged Access Manager

Published: 2025-12-16 · Updated: 2025-12-17 · CVE-2025-13532

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortra Core Privileged Access Manager (BoKS) version 9.0

Description

The Server Agent component of Fortra's Core Privileged Access Manager (BoKS) has insecure defaults that can lead to the selection of weak password hash algorithms. This issue impacts instances running BoKS Server Agent 9.0 that support yescrypt within a BoKS 8.1 domain.

Recommendations

Ensure BoKS Server Agent 9.0 instances do not select weak password hash algorithms.

Related Identifiers

CVE-2025-13532

Affected Products

BoKS Server Agent
Fortra Core Privileged Access Manager