Search criteria
2 vulnerabilities found for CyberArk Secure Web Sessions Extension by CyberArk
CVE-2025-13762 (GCVE-0-2025-13762)
Vulnerability from cvelistv5 – Published: 2025-11-27 02:50 – Updated: 2025-12-03 16:25
VLAI?
Summary
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | CyberArk Secure Web Sessions Extension |
Affected:
0 , < 2.2.30305
(custom)
|
Credits
Benjamen Lim
Goh Jing Loon
Sean Seah
Tan Inn Fung
Zhang Bosen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:25:14.720836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:25:21.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Chrome",
"Edge"
],
"product": "CyberArk Secure Web Sessions Extension",
"vendor": "CyberArk",
"versions": [
{
"lessThan": "2.2.30305",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benjamen Lim"
},
{
"lang": "en",
"type": "finder",
"value": "Goh Jing Loon"
},
{
"lang": "en",
"type": "finder",
"value": "Sean Seah"
},
{
"lang": "en",
"type": "finder",
"value": "Tan Inn Fung"
},
{
"lang": "en",
"type": "finder",
"value": "Zhang Bosen"
}
],
"datePublic": "2025-11-27T02:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.\u003cp\u003eThis issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "ATTACKED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-27T06:03:49.612Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"
},
{
"url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate SWS extension to v2.2.30305 or newer\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update SWS extension to v2.2.30305 or newer"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-13762",
"datePublished": "2025-11-27T02:50:03.874Z",
"dateReserved": "2025-11-27T02:49:11.941Z",
"dateUpdated": "2025-12-03T16:25:21.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13762 (GCVE-0-2025-13762)
Vulnerability from nvd – Published: 2025-11-27 02:50 – Updated: 2025-12-03 16:25
VLAI?
Summary
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | CyberArk Secure Web Sessions Extension |
Affected:
0 , < 2.2.30305
(custom)
|
Credits
Benjamen Lim
Goh Jing Loon
Sean Seah
Tan Inn Fung
Zhang Bosen
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T16:25:14.720836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T16:25:21.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Chrome",
"Edge"
],
"product": "CyberArk Secure Web Sessions Extension",
"vendor": "CyberArk",
"versions": [
{
"lessThan": "2.2.30305",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benjamen Lim"
},
{
"lang": "en",
"type": "finder",
"value": "Goh Jing Loon"
},
{
"lang": "en",
"type": "finder",
"value": "Sean Seah"
},
{
"lang": "en",
"type": "finder",
"value": "Tan Inn Fung"
},
{
"lang": "en",
"type": "finder",
"value": "Zhang Bosen"
}
],
"datePublic": "2025-11-27T02:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.\u003cp\u003eThis issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "ATTACKED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-27T06:03:49.612Z",
"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"shortName": "GovTech CSG"
},
"references": [
{
"url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"
},
{
"url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate SWS extension to v2.2.30305 or newer\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update SWS extension to v2.2.30305 or newer"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
"assignerShortName": "GovTech CSG",
"cveId": "CVE-2025-13762",
"datePublished": "2025-11-27T02:50:03.874Z",
"dateReserved": "2025-11-27T02:49:11.941Z",
"dateUpdated": "2025-12-03T16:25:21.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}