CVE-2025-5141
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Fortra | Core Privileged Access Manager (BoKS) | 0 <= 7.2.0.17 | affected |
| Fortra | Core Privileged Access Manager (BoKS) | 0 <= 8.1.0.22 | affected |
| Fortra | Core Privileged Access Manager (BoKS) | 0 <= 8.1.1.7 | affected |
| Fortra | Core Privileged Access Manager (BoKS) | 0 <= 9.0.0.1 | affected |
Weaknesses
- CWE-524: CWE-524: Use of Cache Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.