CVE-2025-22270 in Endpoint Privilege Managerinformación

Resumen

por MITRE • 2025-02-28

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the Content-Security-Policy policy, which mitigates JS code execution while still allowing HTML injection.


This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

CERT-PL

Reservar

2025-01-02

Divulgación

2025-02-28

Moderación

aceptado

Artículo

VDB-297981

CPE

listo

EPSS

0.00589

KEV

no

Actividades

muy bajo

Fuentes

Want to know what is going to be exploited?

We predict KEV entries!