CVE-2025-49831 – CyberArk Secrets Manager, Self-Hosted Man-in-the-Middle Attack

July 16, 2025

CVE ID : CVE-2025-49831

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49833 – GPT-SoVITS-WebUI Command Injection Vulnerability

Next Article CVE-2025-30761 – Oracle Java SE, Oracle GraalVM Enterprise Edition Scripting Remote Code Execution Vulnerability

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

CVE-2025-49831 – CyberArk Secrets Manager, Self-Hosted Man-in-the-Middle Attack

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

SWE-Bench Performance Reaches 50.8% Without Tool Use: A Case for Monolithic State-in-Context Agents

“We pitched it for 10 years and we weren’t sure if it was going to go into orbit” — Discussing ‘A Minecraft Movie’ as it breaks records on the way to streaming

HPE Insight Remote Support Vulnerability Let Attackers Execute Remote Code

DART: Denoising Autoregressive Transformer for Scalable Text-to-Image Generation

CVE-2025-6879 – “SourceCodester Best Salon Management System SQL Injection”

CVE-2025-37993 – Linux Kernel: CAN: Uninitialized Spin Lock in m_can_class_allocate_dev

CVE-2025-23395 – Screen Root Privilege Escalation Vulnerability

CVE-2025-3876 – WooCommerce WordPress Privilege Escalation Vulnerability

CVE-2025-49831 – CyberArk Secrets Manager, Self-Hosted Man-in-the-Middle Attack

Related Posts