CVE-2025-49831

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-49831
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49831.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-49831
Aliases
  • GHSA-952q-mjrf-wp5j
Published
2025-07-15T20:10:35.367Z
Modified
2026-04-10T05:29:39.716977Z
Severity
  • 9.1 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device
Details

An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-287"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49831.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/cyberark/conjur

Affected ranges

Type
GIT
Repo
https://github.com/cyberark/conjur
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
66b9accd4273440017670b68566998c7945fb113

Affected versions

1.*
1.2.0
Other
delete
v0.*
v0.2.0
v0.3.0
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.9.0
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.10.0
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.16.0-2224
v1.16.0-2233
v1.16.0-2238
v1.16.0-2258
v1.16.0-2264
v1.16.0-2265
v1.16.0-2266
v1.16.0-2271
v1.16.0-2280
v1.16.0-2281
v1.16.0-2286
v1.17.0-2299
v1.17.1-2301
v1.17.1-2305
v1.17.1-2306
v1.17.1-2307
v1.17.1-2312
v1.17.1-2314
v1.17.2-2321
v1.17.2-2323
v1.17.2-2324
v1.17.2-2330
v1.17.2-2341
v1.17.2-2371
v1.17.2-2380
v1.17.2-2401
v1.17.2-2408
v1.17.2-2468
v1.17.2-2477
v1.17.3
v1.17.3-2478
v1.17.3-2484
v1.17.3-2498
v1.17.4-2500
v1.17.5-2503
v1.17.5-2515
v1.17.5-2521
v1.17.6
v1.17.6-2525
v1.17.6-2555
v1.17.6-2562
v1.17.6-2571
v1.17.6-2585
v1.17.7
v1.17.7-2648
v1.17.7-2653
v1.17.7-2670
v1.17.7-2695
v1.17.7-2705
v1.17.7-2710
v1.17.7-2766
v1.17.7-2782
v1.17.7-2785
v1.17.8-2829
v1.18.0
v1.18.0-2834
v1.18.0-2837
v1.18.0-2845
v1.18.0-2856
v1.18.0-2864
v1.18.0-2871
v1.18.0-2891
v1.18.0-2893
v1.18.0-2902
v1.18.1
v1.18.1-2924
v1.18.1-2928
v1.18.1-2953
v1.18.1-2957
v1.18.1-2961
v1.18.1-2963
v1.18.1-2969
v1.18.2
v1.18.2-3025
v1.18.2-3030
v1.18.3
v1.18.3-3057
v1.18.4
v1.18.4-3067
v1.18.5-3122
v1.18.5-3123
v1.18.5-3165
v1.18.5-3170
v1.18.5-3183
v1.18.5-3187
v1.19.0
v1.19.0-3227
v1.19.0-3228
v1.19.0-3239
v1.19.0-3243
v1.19.0-3276
v1.19.0-3290
v1.19.0-3292
v1.19.0-3294
v1.19.1
v1.19.1-3316
v1.19.1-3320
v1.19.1-3325
v1.19.1-3334
v1.19.1-3355
v1.19.1-3387
v1.19.1-3394
v1.19.1-3398
v1.19.2
v1.19.2-3426
v1.19.2-3431
v1.19.3
v1.19.3-3458
v1.19.3-3474
v1.19.3-3475
v1.19.3-3483
v1.19.3-3494
v1.19.3-3517
v1.19.3-3518
v1.19.3-3528
v1.19.3-3529
v1.19.3-3568
v1.19.3-3584
v1.19.3-3597
v1.19.3-3602
v1.19.3-3603
v1.19.3-3606
v1.19.3-3614
v1.19.3-3615
v1.19.3-3619
v1.19.3-3622
v1.19.3-3632
v1.19.3-3638
v1.19.3-3645
v1.19.3-3646
v1.19.3-3648
v1.19.3-3651
v1.19.3-3676
v1.19.3-3685
v1.19.3-3690
v1.19.4-3759
v1.19.4-3763
v1.19.5
v1.19.5-3765
v1.19.5-3796
v1.19.5-3797
v1.19.5-3798
v1.19.5-3859
v1.19.5-3864
v1.19.5-3900
v1.19.5-3903
v1.19.5-3905
v1.19.5-3906
v1.19.5-3911
v1.19.5-3915
v1.19.6-3948
v1.19.6-3949
v1.19.6-3954
v1.19.6-3955
v1.19.6-3960
v1.19.6-3961
v1.19.6-3968
v1.19.6-3969
v1.19.6-3974
v1.19.6-3979
v1.19.6-3984
v1.19.6-3985
v1.19.6-3989
v1.19.6-3990
v1.19.6-3994
v1.19.6-3999
v1.19.6-4000
v1.19.6-4003
v1.19.6-4004
v1.19.6-4016
v1.19.6-4019
v1.19.6-4023
v1.19.6-4027
v1.19.6-4037
v1.19.6-4038
v1.19.6-4040
v1.19.6-4041
v1.19.6-4045
v1.19.6-4046
v1.19.6-4050
v1.19.6-4056
v1.19.6-4060
v1.19.6-4061
v1.19.6-4065
v1.19.6-4066
v1.2.0
v1.20.0
v1.20.0-4069
v1.20.0-4071
v1.20.0-4072
v1.20.0-4076
v1.20.0-4077
v1.20.0-4083
v1.20.0-4088
v1.20.0-4095
v1.20.0-4104
v1.20.0-4105
v1.20.0-4107
v1.20.0-4115
v1.20.0-4125
v1.20.0-4126
v1.20.0-4127
v1.20.0-4131
v1.20.0-4132
v1.20.0-4153
v1.20.0-4157
v1.20.0-4161
v1.20.0-4164
v1.20.0-4177
v1.20.0-4180
v1.20.0-4183
v1.20.0-4187
v1.20.0-4191
v1.20.0-4198
v1.20.0-4212
v1.20.0-4214
v1.20.0-4218
v1.20.0-4219
v1.20.0-4222
v1.20.0-4223
v1.20.0-4224
v1.20.0-4229
v1.20.0-4230
v1.20.0-4231
v1.20.0-4238
v1.20.0-4249
v1.20.0-4250
v1.20.0-4255
v1.20.0-4256
v1.20.0-4262
v1.20.1-4353
v1.20.1-4362
v1.20.1-4368
v1.20.1-4372
v1.20.1-4377
v1.20.1-4378
v1.20.1-4383
v1.20.1-4385
v1.20.1-4395
v1.20.1-4400
v1.20.1-4404
v1.20.1-4405
v1.21.2
v1.21.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.6
v1.4.7
v1.5.0
v1.5.1
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49831.json"