15 July 2025

CyberArk: CA25-25 – Potential excessive consumption of resources on the host system that can lead to a denial of service (DoS)

Issued: July 15, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 8.7

Third-party publication / CVE: CVE-2025-30204

Impact: Potential excessive consumption of resources on the host system that can lead to a denial of service (DoS)
 

Affected products and versions

 

  • Secrets Manager, SaaS (formerly Conjur Cloud) Edge – All versions prior to version 15.0

* This security bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Please refer to our End-of-Life policy for details.

 

Resolution

Upgrade to a version by downloading the version from the respective link and following the instructions in our online documentation.

 





2 July 2025

CyberArk: CA25-24 – Potential disclosure of sensitive information as part of the PTA DR setup

Issued: July 2, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: N/A

Third-party publication / CVE: N/A

Impact: Potential disclosure of sensitive information as part of the PTA DR setup

 

Affected products and versions:

 

  • Privileged Threat Analytics, Self-Hosted – All versions prior to 14.6

 

* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

 

Resolution:

Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.

If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.

 





2 July 2025

CyberArk: CA25-23 – Potential MongoDB Shell Control Character Injection

Issued: July 2, 2025

Updated: N/A

Version: 1.0

Severity: High

CVSS Score: 7.2

Third-party publication / CVE: CVE-2025-1691

Impact: Potential MongoDB Shell Control Character Injection

 

Affected products and versions:

  • Privileged Threat Analytics, Self-Hosted – All versions prior to 14.6

* This Security Bulletin applies only to the listed affected products. If this issue also affects another CyberArk product, it will be addressed separately in accordance with CyberArk’s Product Vulnerability Management Policy.

** Relates only to versions that are within their development life cycle. Refer to our End of Life policy for details.

 

Resolution:

Upgrade to a patch version by downloading the patch from the respective link and following the instructions in our online documentation.

If a patch isn’t available for your installed version, or if you want to move to the latest available version, upgrade your component according to the upgrade version compatibility docs.

 
