Description

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. Conjur OSS version 1.21.2 and Secrets Manager, Self-Hosted version 13.5 fix the issue.

INFO

Published Date :

2025-07-15T19:35:33.147Z

Last Modified :

2025-11-04T21:11:23.944Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49828 vulnerability.

Vendors Products
Cyberark
  • Conjur
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49828.

URL Resource
http://www.openwall.com/lists/oss-security/2025/07/16/7 cve-icon
http://www.openwall.com/lists/oss-security/2025/08/08/1 cve-icon
https://github.com/cyberark/conjur/releases/tag/v1.21.2 cve-icon cve-icon
https://github.com/cyberark/conjur/security/advisories/GHSA-93hx-v9pv-qrm4 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact