CVE-2025-49828 in conjurinfo

Summary

by MITRE • 07/15/2025

Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. Conjur OSS version 1.21.2 and Secrets Manager, Self-Hosted version 13.5 fix the issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 09/12/2025

The vulnerability identified as CVE-2025-49828 represents a critical remote code execution flaw within Conjur's secrets management platform, affecting both open source and enterprise deployments. This issue stems from insufficient input validation within the application's API endpoints, specifically when processing secret or template injections that can be manipulated by authenticated attackers. The vulnerability impacts Conjur Open Source versions 1.19.5 through 1.21.1 and Conjur Secrets Manager Self-Hosted versions 13.1 through 13.4.1, creating a significant risk for organizations relying on these platforms for critical infrastructure identity and secrets management. The flaw allows authenticated attackers with privileges to inject malicious content into the system's database to exploit exposed API endpoints and execute arbitrary Ruby code within the context of the Secrets Manager process, potentially leading to complete system compromise.

The technical implementation of this vulnerability resides in the improper handling of user-supplied data within the Conjur platform's processing pipeline. When authenticated users inject secrets or templates into the database, the system fails to properly sanitize or validate the input before processing it through Ruby-based components. This creates a code injection vector that leverages the Ruby interpreter's capabilities within the application's execution environment, allowing attackers to execute arbitrary commands with the privileges of the Secrets Manager process. The vulnerability's classification aligns with CWE-94, which describes "Improper Control of Generation of Code ('Code Injection')" and specifically relates to Ruby code injection scenarios. The attack surface is expanded through the exposed API endpoints that serve as entry points for the malicious payload execution, making this a particularly dangerous vulnerability for environments where the platform is accessible over network boundaries.

The operational impact of this vulnerability extends far beyond simple privilege escalation, as it provides attackers with complete control over the secrets management infrastructure. Successful exploitation could enable attackers to access all stored secrets, modify or delete sensitive information, and potentially use the compromised platform as a pivot point for attacking other systems within the network. Organizations using affected Conjur versions face the risk of credential theft, data breaches, and disruption of critical identity management services. The vulnerability affects both Conjur OSS and the enterprise version, indicating a systemic issue within the platform's architecture that requires immediate remediation across all affected deployments. The attack requires only authentication privileges, making it particularly dangerous as it can be exploited by insiders or compromised legitimate users with appropriate access rights.

Organizations should immediately implement the recommended mitigations by upgrading to Conjur Open Source version 1.21.2 or Conjur Secrets Manager Self-Hosted version 13.5, which contain the necessary patches to address the code injection vulnerability. Additionally, administrators should review and tighten access controls to limit the number of users with privileges to inject secrets or templates into the system. Network segmentation and monitoring of API endpoint access should be enhanced to detect potential exploitation attempts. The vulnerability's exploitation aligns with ATT&CK technique T1059.007, which covers "Command and Scripting Interpreter: Ruby," and represents a significant risk for organizations following the principle of least privilege, as the vulnerability allows for arbitrary code execution within the application's trusted environment. Security teams should also consider implementing automated scanning solutions to identify systems running vulnerable versions and establish incident response procedures specifically addressing this type of code injection attack vector.

Responsible

GitHub M

Reservation

06/11/2025

Disclosure

07/15/2025

Moderation

accepted

CPE

ready

EPSS

0.01972

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!