Unrated severityNVD Advisory· Published Dec 10, 2025· Updated Dec 11, 2025

CVE-2025-52493

Description

PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.

Affected products

PagerDuty/Runbookinferred
Range: <=2025-06-12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/carterross2/Vulnerability-Research/tree/main/CVE-2025-52493mitre
www.pagerduty.com/platform/automation/mitre
www.pagerduty.com/security/disclosure/mitre
www.praetorian.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000