Five new CVEs published for Cyberark Conjur OSS


oss-sec mailing list archives


From: Andy Tinkham <andy.tinkham () cyberark com>
Date: Wed, 16 Jul 2025 22:16:47 +0000

On July 15, 2025, CyberArk disclosed 5 vulnerabilities in our Conjur OSS product.

  * CVE-2025-49827<https://www.cve.org/CVERecord?id=CVE-2025-49827> - Critical - Bypass of IAM Authenticator in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS (GitHub Advisory<https://github.com/cyberark/conjur/security/advisories/GHSA-gmc5-9mpc-xg75>)
  * CVE-2025-49828<https://www.cve.org/CVERecord?id=CVE-2025-49828> - High - Remote Code Execution in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS (GitHub Advisory<https://github.com/cyberark/conjur/security/advisories/GHSA-93hx-v9pv-qrm4>)
  * CVE-2025-49829<https://www.cve.org/CVERecord?id=CVE-2025-49829> - Medium - Missing validations in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS (GitHub Advisory<https://github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2r>)
  * CVE-2025-49830<https://www.cve.org/CVERecord?id=CVE-2025-49830> - High - Path traversal and file disclosure in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS (GitHub Advisory<https://github.com/cyberark/conjur/security/advisories/GHSA-7m6h-fqrm-m9c5>)
  * CVE-2025-49831<https://www.cve.org/CVERecord?id=CVE-2025-49831> - Critical - IAM Authenticator Bypass via Mis-configured Network Device in Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS (GitHub Advisory<https://github.com/cyberark/conjur/security/advisories/GHSA-952q-mjrf-wp5j>)

All users of Conjur OSS are encouraged to update to the 1.22.1 release, available on DockerHub<https://hub.docker.com/layers/cyberark/conjur/1.22.1/images/sha256-331fecd01c5a8a6179165bedba57b85f7cd1283b6b2a9a4f29fcb1e7a92580b3> and at the GitHub.com Conjur 1.22.1 release<https://github.com/cyberark/conjur/releases/tag/v1.22.1>.

These issues also affect our Secrets Manager, Self-Hosted (formerly Conjur Enterprise) product and have been disclosed to our customers in our security bulletin CA25-22<https://www.cyberark.com/CA25-22>.

For further information, please see our blog post<https://www.cyberark.com/resources/product-insights-blog/addressing-recent-vulnerabilities-and-our-commitment-to-security>.
