CVE-2020-25374
Description
CyberArk PSM 10.9.0.15 discloses internal pathnames via an error popup after two hours of idle time.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In CyberArk Privileged Session Manager (PSM) version 10.9.0.15, an error popup message that appears after two hours of idle time reveals internal pathnames. This is a result of insufficient error handling that exposes sensitive file system information.
Exploitation
An attacker who is able to access a PSM session and leave it idle for two hours will trigger the error popup. No authentication is required beyond the initial session access. The attacker can then read the internal pathnames displayed in the popup message.
Impact
Successful exploitation leads to information disclosure of internal pathnames, exposing the directory structure of the server. This information can be used to plan further attacks, such as path traversal or privilege escalation.
Mitigation
As of the publication date (2020-10-28), no official fix or workaround has been disclosed in the provided references. Users should consult CyberArk support for potential updates or apply vendor recommendations if available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- CyberArk/Privileged Session Manager
- Range: =10.9.0.15
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (2)
News mentions (0)
No linked articles in our index yet.