* Last update: 08/08/2025
* Affected software: CyberArk Secrets Manager: Self-Hosted (formerly Conjur Enterprise) and Conjur OSS
* Type:
→ IAM Authenticator Bypass
→ Remote Code Execution (RCE)
→ Path traversal and file disclosure
→ Missing validations
* CVE/CVSS:
→ CVE-2025-49827: CVSS 9.1 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)
→ CVE-2025-49831: CVSS 9.1 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)
→ CVE-2025-49828: CVSS 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
→ CVE-2025-49830: CVSS 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
→ CVE-2025-49829: CVSS 6.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
CVE-2025-49827 and CVE-2025-49831 (both IAM authentication bypass), CVE-2025-49828 (remote code execution), CVE-2025-49830 (information disclosure), and CVE-2025-49829 (missing validations) affect Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS.
Combining these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on the targeted system without requiring a password, token, or AWS credentials.
CVE-2025-49827 is a critical IAM authentication bypass vulnerability. A remote attacker who can manipulate the headers signed by AWS could take advantage of a malformed regular expression to redirect the authentication validation request that Secrets Manager, Self-Hosted sends to AWS to a malicious server controlled by the attacker.
The second critical vulnerability, CVE-2025-49831, is also an IAM authenticator bypass, via a misconfigured network device, in Secrets Manager, Self-Hosted and Conjur OSS. Successful exploitation could allow an attacker to reroute authentication requests to a malicious server under the attacker's control.
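Both bypasses above come down to the same failure mode: the server is talked into sending its signed validation request to a host other than the real AWS STS endpoint. The example below is added here to illustrate the defensive pattern and is not code from CyberArk or Conjur; the weak regular expression, the allowlist contents and the function names are all hypothetical. It contrasts a loose, unanchored host pattern with an exact-match allowlist that is configured server-side rather than derived from whatever the client signed.

```python
import re

# Constructed allowlist of STS endpoints the service is willing to send the
# signed validation request to. In a real deployment this comes from
# server-side configuration, never from the client-supplied request.
ALLOWED_STS_HOSTS = frozenset({
    "sts.amazonaws.com",
    "sts.us-east-1.amazonaws.com",
    "sts.eu-west-1.amazonaws.com",
})

# Illustrative weak check (hypothetical, not the product's pattern): it is
# unanchored and the dots are unescaped, so it matches anywhere inside a
# longer host string and "." also matches any character.
WEAK_HOST_PATTERN = re.compile(r"sts\..*amazonaws.com")


def weak_host_check(host_header: str) -> bool:
    """The kind of check that lets an attacker-controlled host slip through."""
    return WEAK_HOST_PATTERN.search(host_header.lower()) is not None


def normalize_host(host_header: str) -> str:
    """Lower-case, strip an explicit port and a trailing dot (hostnames only)."""
    host = host_header.strip().lower()
    if ":" in host:  # no IPv6 literals expected for an STS endpoint
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def strict_host_check(host_header: str) -> bool:
    """Exact match against the server-side allowlist; no substring matching."""
    return normalize_host(host_header) in ALLOWED_STS_HOSTS


def validation_url(host_header: str) -> str:
    """Return the only URL the validation request may be sent to, or refuse."""
    host = normalize_host(host_header)
    if host not in ALLOWED_STS_HOSTS:
        raise ValueError(f"refusing to send validation request to {host!r}")
    return f"https://{host}/"


def compare(host_header: str) -> dict:
    """Show the two checks side by side for one signed Host header value."""
    return {"weak": weak_host_check(host_header),
            "strict": strict_host_check(host_header)}


if __name__ == "__main__":
    # Constructed sample Host header values: one genuine, two that only
    # look like the STS endpoint when matched by substring.
    for sample in ("sts.amazonaws.com", "sts.amazonaws.com.attacker.example",
                   "sts.amazonawsXcom"):
        print(f"{sample:40} {compare(sample)}")
```

The design point is that the validation endpoint should be pinned from configuration (region plus known STS hostname) and any host value taken from the signed request is compared against that pin exactly; a regular expression is only acceptable if it is anchored, escapes its dots and is tested against look-alike hosts.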
CVE-2025-49828 is a remote code execution (RCE) vulnerability. An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary code within the Secrets Manager process.
CVE-2025-49830 is a path traversal and file disclosure vulnerability. An authenticated attacker who is able to load policy can use the policy YAML parser to reference files on the Secrets Manager, Self-Hosted server. These references can be used for reconnaissance, to learn the folder structure of the Secrets Manager/Conjur server, or to have the YAML parser include files from the server in the YAML that is processed as the policy loads.
CVE-2025-49829, a missing-validations vulnerability in Secrets Manager, Self-Hosted, allows an authenticated attacker to inject resources into the database and to bypass permission checks.
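The path traversal described for CVE-2025-49830 is the classic case of a file reference inside user-supplied content being resolved without confining it to the directory it is allowed to see. The example below is an added illustration, not code from CyberArk or Conjur, and assumes a hypothetical policy loader that supports file references; it shows how such a reference can be confined to a policy root, rejecting absolute paths, `..` escapes and symlinks that point outside the root.

```python
import os
import tempfile


def confine_policy_reference(policy_root: str, reference: str) -> str:
    """Resolve a file reference from a policy document inside policy_root.

    Returns the resolved absolute path, or raises ValueError when the
    reference would escape the policy directory via an absolute path,
    '..' components, or a symlink that points outside the root.
    Hypothetical helper, not the product's own code.
    """
    if not reference or os.path.isabs(reference) or reference.startswith(("/", "\\")):
        raise ValueError(f"absolute reference rejected: {reference!r}")
    root = os.path.realpath(policy_root)
    # realpath resolves '..' and follows symlinks, so the check below sees
    # where the reference really lands, not how it was spelled.
    candidate = os.path.realpath(os.path.join(root, reference))
    # commonpath is a component-wise prefix check, so '/srv/policy2'
    # is not mistaken for something under '/srv/policy'.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"reference escapes policy root: {reference!r}")
    return candidate


def classify_reference(policy_root: str, reference: str) -> str:
    """'allowed' or 'rejected', convenient for logging the decision."""
    try:
        confine_policy_reference(policy_root, reference)
        return "allowed"
    except ValueError:
        return "rejected"


def symlink_escape_demo() -> dict:
    """Build a constructed policy tree with a symlink pointing outside it
    and classify three references against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "policy")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "apps"))
        os.makedirs(outside)
        with open(os.path.join(outside, "secret.txt"), "w") as fh:
            fh.write("constructed sample, not a real secret\n")
        # A symlink inside the policy tree that resolves to a file outside it.
        os.symlink(os.path.join(outside, "secret.txt"),
                   os.path.join(root, "apps", "link.yml"))
        return {
            "plain": classify_reference(root, "apps/db.yml"),
            "dotdot": classify_reference(root, "../outside/secret.txt"),
            "symlink": classify_reference(root, "apps/link.yml"),
        }


if __name__ == "__main__":
    for ref in ("apps/db.yml", "../etc/passwd", "/etc/passwd", "apps/../../policy2/x.yml"):
        print(f"{ref:30} {classify_reference('/srv/policy', ref)}")
    print(symlink_escape_demo())
```

Confining references is only half of the mitigation; the loader should also refuse to parse any YAML tag it does not explicitly support, so that a document cannot ask the parser to pull in files at all unless that feature is intended.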
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
GitHub https://github.com/cyberark/conjur/security/advisories/GHSA-952q-mjrf-wp5j
GitHub https://github.com/cyberark/conjur/security/advisories/GHSA-gmc5-9mpc-xg75
GitHub https://github.com/cyberark/conjur/security/advisories/GHSA-93hx-v9pv-qrm4
GitHub https://github.com/cyberark/conjur/security/advisories/GHSA-7m6h-fqrm-m9c5
GitHub https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r