CVE-2025-49831
Published: Jul 15, 2025
Modified: Nov 4, 2025
Description
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
| Vendor | Product | Versions |
|---|---|---|
cyberark | conjur | affected Conjur OSS < 1.22.1affected Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) < 13.5.1affected Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) = 13.6 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now