Search criteria
10 vulnerabilities found for Endpoint Privilege Manager by CyberArk
CVE-2025-22274 (GCVE-0-2025-22274)
Vulnerability from cvelistv5 – Published: 2025-02-28 12:34 – Updated: 2025-03-12 19:50
VLAI?
Summary
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:01:22.657029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T19:50:46.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIt is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:53:46.747Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "HTML injection in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22274",
"datePublished": "2025-02-28T12:34:08.548Z",
"dateReserved": "2025-01-02T13:12:19.642Z",
"dateUpdated": "2025-03-12T19:50:46.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22273 (GCVE-0-2025-22273)
Vulnerability from cvelistv5 – Published: 2025-02-28 12:33 – Updated: 2025-03-05 15:53
VLAI?
Summary
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:02:35.188402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:02:49.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApplication does not limit the number or frequency of user interactions, such as the number of incoming requests. At the \"/EPMUI/VfManager.asmx/ChangePassword\" endpoint it is possible to perform a brute force attack on the current password in use.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the \"/EPMUI/VfManager.asmx/ChangePassword\" endpoint it is possible to perform a brute force attack on the current password in use.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:53:23.083Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22273",
"datePublished": "2025-02-28T12:33:41.107Z",
"dateReserved": "2025-01-02T13:12:19.642Z",
"dateUpdated": "2025-03-05T15:53:23.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22272 (GCVE-0-2025-22272)
Vulnerability from cvelistv5 – Published: 2025-02-28 12:33 – Updated: 2025-03-05 15:53
VLAI?
Summary
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:05:11.207428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:05:20.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "In the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:53:02.771Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Self Reflected XSS in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22272",
"datePublished": "2025-02-28T12:33:25.143Z",
"dateReserved": "2025-01-02T13:12:19.641Z",
"dateUpdated": "2025-03-05T15:53:02.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22271 (GCVE-0-2025-22271)
Vulnerability from cvelistv5 – Published: 2025-02-28 12:32 – Updated: 2025-03-05 15:49
VLAI?
Summary
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:05:53.982814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:06:10.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application or its infrastructure allows for IP address spoofing by providing its own value in the \"X-Forwarded-For\" header. Thus, the action logging mechanism in the application loses\u0026nbsp;accountability\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "The application or its infrastructure allows for IP address spoofing by providing its own value in the \"X-Forwarded-For\" header. Thus, the action logging mechanism in the application loses\u00a0accountability\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:49:31.652Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "IP Spoofing in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22271",
"datePublished": "2025-02-28T12:32:55.955Z",
"dateReserved": "2025-01-02T13:12:19.641Z",
"dateUpdated": "2025-03-05T15:49:31.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22270 (GCVE-0-2025-22270)
Vulnerability from cvelistv5 – Published: 2025-02-28 12:32 – Updated: 2025-03-05 15:48
VLAI?
Summary
An attacker with access to the Administration panel, specifically the "Role Management"
tab, can
inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the
required additional error that allows bypassing the Content-Security-Policy policy, which
mitigates JS code execution while still allowing HTML injection.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:06:34.047496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:06:46.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker with access to the Administration panel, specifically the \"Role Management\"\ntab, can\ninject code by adding a new role in the \"name\" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the\nrequired additional error that allows bypassing the Content-Security-Policy policy, which\nmitigates JS code execution while still allowing HTML injection.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "An attacker with access to the Administration panel, specifically the \"Role Management\"\ntab, can\ninject code by adding a new role in the \"name\" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the\nrequired additional error that allows bypassing the Content-Security-Policy policy, which\nmitigates JS code execution while still allowing HTML injection.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:48:53.149Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Stored XSS in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22270",
"datePublished": "2025-02-28T12:32:33.243Z",
"dateReserved": "2025-01-02T13:12:19.641Z",
"dateUpdated": "2025-03-05T15:48:53.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22274 (GCVE-0-2025-22274)
Vulnerability from nvd – Published: 2025-02-28 12:34 – Updated: 2025-03-12 19:50
VLAI?
Summary
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:01:22.657029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T19:50:46.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIt is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:53:46.747Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "HTML injection in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22274",
"datePublished": "2025-02-28T12:34:08.548Z",
"dateReserved": "2025-01-02T13:12:19.642Z",
"dateUpdated": "2025-03-12T19:50:46.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22273 (GCVE-0-2025-22273)
Vulnerability from nvd – Published: 2025-02-28 12:33 – Updated: 2025-03-05 15:53
VLAI?
Summary
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:02:35.188402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:02:49.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eApplication does not limit the number or frequency of user interactions, such as the number of incoming requests. At the \"/EPMUI/VfManager.asmx/ChangePassword\" endpoint it is possible to perform a brute force attack on the current password in use.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the \"/EPMUI/VfManager.asmx/ChangePassword\" endpoint it is possible to perform a brute force attack on the current password in use.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:53:23.083Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22273",
"datePublished": "2025-02-28T12:33:41.107Z",
"dateReserved": "2025-01-02T13:12:19.642Z",
"dateUpdated": "2025-03-05T15:53:23.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22272 (GCVE-0-2025-22272)
Vulnerability from nvd – Published: 2025-02-28 12:33 – Updated: 2025-03-05 15:53
VLAI?
Summary
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:05:11.207428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:05:20.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "In the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:53:02.771Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Self Reflected XSS in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22272",
"datePublished": "2025-02-28T12:33:25.143Z",
"dateReserved": "2025-01-02T13:12:19.641Z",
"dateUpdated": "2025-03-05T15:53:02.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22271 (GCVE-0-2025-22271)
Vulnerability from nvd – Published: 2025-02-28 12:32 – Updated: 2025-03-05 15:49
VLAI?
Summary
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:05:53.982814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:06:10.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application or its infrastructure allows for IP address spoofing by providing its own value in the \"X-Forwarded-For\" header. Thus, the action logging mechanism in the application loses\u0026nbsp;accountability\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "The application or its infrastructure allows for IP address spoofing by providing its own value in the \"X-Forwarded-For\" header. Thus, the action logging mechanism in the application loses\u00a0accountability\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:49:31.652Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "IP Spoofing in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22271",
"datePublished": "2025-02-28T12:32:55.955Z",
"dateReserved": "2025-01-02T13:12:19.641Z",
"dateUpdated": "2025-03-05T15:49:31.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22270 (GCVE-0-2025-22270)
Vulnerability from nvd – Published: 2025-02-28 12:32 – Updated: 2025-03-05 15:48
VLAI?
Summary
An attacker with access to the Administration panel, specifically the "Role Management"
tab, can
inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the
required additional error that allows bypassing the Content-Security-Policy policy, which
mitigates JS code execution while still allowing HTML injection.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| CyberArk | Endpoint Privilege Manager |
Affected:
24.7.1
|
Credits
Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T13:06:34.047496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T13:06:46.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"SaaS"
],
"product": "Endpoint Privilege Manager",
"vendor": "CyberArk",
"versions": [
{
"status": "affected",
"version": "24.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"type": "finder",
"value": "Maksymilian Kubiak (Afine Team)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker with access to the Administration panel, specifically the \"Role Management\"\ntab, can\ninject code by adding a new role in the \"name\" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the\nrequired additional error that allows bypassing the Content-Security-Policy policy, which\nmitigates JS code execution while still allowing HTML injection.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects\u0026nbsp;CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u0026nbsp;After multiple attempts to contact the vendor we did not receive any answer.\u003c/p\u003e"
}
],
"value": "An attacker with access to the Administration panel, specifically the \"Role Management\"\ntab, can\ninject code by adding a new role in the \"name\" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the\nrequired additional error that allows bypassing the Content-Security-Policy policy, which\nmitigates JS code execution while still allowing HTML injection.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T15:48:53.149Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"tags": [
"product"
],
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Stored XSS in CyberArk Endpoint Privilege Manager",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-22270",
"datePublished": "2025-02-28T12:32:33.243Z",
"dateReserved": "2025-01-02T13:12:19.641Z",
"dateUpdated": "2025-03-05T15:48:53.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}