Unrated severityNVD Advisory· Published Jul 15, 2025· Updated Nov 4, 2025

Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations

CVE-2025-49829

Description

Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Affected products

Cyber Ark/Secrets Manager, Self-Hostedllm-fuzzy
Range: <13.5.1, <13.6.1
Cyber Ark/Conjur OSSllm-fuzzy
Range: <1.22.1
cyberark/conjurv5
Range: Conjur OSS < 1.22.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cyberark/conjur/releases/tag/v1.22.1mitrex_refsource_MISC
github.com/cyberark/conjur/security/advisories/GHSA-9w76-m74g-4c2rmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000