CyberArk: CA25-29 – Potential exposure to Prototype Pollution as described in the above third-party CVE
Issued: August 27, 2025
Updated: N/A
Version: 1.0
Severity: High
CVSS Score: 7.8
Third-party publication / CVE: CVE-2024-38996
Impact: Potential exposure to Prototype Pollution as described in the above third-party CVE.
Affected products and versions:
Password Vault Web Access (PVWA) Self-Hosted: All versions earlier than 14.2.4 – All product subsets are affected.
* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.
** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.
Resolution:
Upgrade to a patch version from the table below by downloading the patch from the respective link and following the instructions in our online documentation.
If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.
PAM On Cloud customers:
- Version 14.2 and later: Download and deploy the patched image from the Marketplace for your deployed solution:
- Versions earlier than 14.2: Follow the instructions for on-premises patches for your deployed version.
Temporary mitigation:
There is no temporary mitigation available for this security bulletin.
Exploited in the wild in a CyberArk environment:
Not to the best of CyberArk’s knowledge.
CyberArk: CA25-28 – Potential session hijacking, allowing unauthorized access to an authenticated Secure Infrastructure Access (SIA) user’s session
Issued: August 06, 2025
Updated: N/A
Version: 1.0
Severity: High
CVSS Score: 8.1
Third-party publication / CVE: N/A
Impact: Potential session hijacking, allowing unauthorized access to an authenticated Secure Infrastructure Access (SIA) user’s session.
Affected products and versions:
- Secure Infrastructure Access: The following SIA connection types are affected when accessed by users authenticated via a federated identity provider (external IdP):SIA-RDPSIA-SSH
* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.
** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.
Resolution: To address this, connections via Secure Infrastructure Access (SIA) now include an additional, optional authentication factor.
After the initial authentication step, users will be prompted to enter a PIN code in the native client, as part of the SIA authentication flow.
To enable the additional authentication factor, follow the steps below:
- Log in to the Identity Administration portal.
- Navigate to: Core Services → Policies
- Choose an existing policy to edit or click Add Policy Set to create a new one.
- Navigate to: Authentication Policies → CyberArk Identity Security Platform
- Set the drop-down menu Enable authentication policy controls to Yes.
- Check the box for Enable PIN code protection for native clients.
- Click Save.
It’s important to note that even if the flag is already enabled, you still need to click ‘Save’ for the new flow to apply.
Temporary mitigation:
There is no temporary mitigation available for this security bulletin.
CyberArk: CA25-27 – Potential authentication bypass via Identity connector synchronization
Issued: July 15, 2025
Updated: N/A
Version: 1.0
Severity: High
CVSS Score: 8.3
Third-party publication / CVE: N/A
Impact: Potential authentication bypass via Identity connector synchronization
Product:
- SSH Manager for Machines (formerly known as SSH Protect) – All versions prior to version 25.1
- Code Signing Manager (formerly known as CodeSign Protect) – All versions prior to version 25.1
- Certificate Manager, Self-Hosted (formerly known as TLS Protect Datacenter) – All versions prior to version 25.1
* This security bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed in a separate security bulletin.
** Relates only to versions that are within their development life. Please refer to our End-of-Life policy for details
Resolution
Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.
If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.
Want to dive deeper? Check it out here
CyberArk: CA25-26 – Potential disclosure of sensitive information to users with administrative privileges
Issued: July 15, 2025
Updated: N/A
Version: 1.0
Severity: High
CVSS Score: 7.2
Third-party publication / CVE: N/A
Impact: Potential disclosure of sensitive information to users with administrative privileges
- Certificate Manager, Self-Hosted (formerly TLS Protect Datacenter) – All versions prior to version 25.1
- SSH Manager for Machines (formerly SSH Protect) – All versions prior to version 25.1
- Code Sign Manager (formerly CodeSign Protect) – All versions prior to version 25.1
* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.
** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.
Resolution:
Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.
Want to dive deeper? Check it out here