Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache

FI-2025-008 - Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache

Severity
Medium
Published Date
17-Jun-2025
Updated Date
17-Jun-2025
Vulnerabilities
CVE-2025-5141
 
Notes
Description

A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) allows low-privileged local users to dump data from the cache. Affected are versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), and 9.0.0 (up to 9.0.0.1), as well as legacy tar installs of BoKS 7.2 without hotfix #0474, on Linux, AIX, and Solaris.

Vulnerabilities

 
Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache
Severity
Medium
CVE
CVE-2025-5141
CWE
CWE-524: Use of Cache Containing Sensitive Information
Discovery Date
17-Nov-2023
CVSSv3.1
5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products
Versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), and 9.0.0 (up to 9.0.0.1), as well as legacy tar installs of BoKS 7.2 without hotfix #0474
Vulnerability Notes
Remediation: Vendor Fix

Upgrade to the latest patched version or hotfix.

 

Acknowledgements

Fortra would like to thank the following individuals:

  • Maciej Grabiec, ING Hubs Poland