QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-49829

Back to search

CVE-2025-49829

Published: Jul 15, 2025

Modified: Nov 4, 2025

PUBLISHED

Description

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

VendorProductVersions

cyberark

conjur

affected
Conjur OSS < 1.22.1
affected
Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) < 13.5.1
affected
Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) = 13.6

Weaknesses (CWE)

CWE-862

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now