Description

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.

INFO

Published Date :

2026-04-07T22:33:05.356Z

Last Modified :

2026-04-08T15:16:29.865Z

Source :

Ping Identity
AFFECTED PRODUCTS

The following products are affected by CVE-2025-20628 vulnerability.

Vendors Products
Pingidentity
  • Pingidm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20628.

URL Resource
https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest cve-icon cve-icon
https://backstage.pingidentity.com/downloads/browse/idm/featured cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability