VYPR

Secrets Manager, Self-Hosted

by Cyber Ark

CVEs (2)

  • CVE-2025-49831CriJul 15, 2025
    risk 0.57cvss 9.8epss 0.01

    An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few…

  • CVE-2026-45178HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets…