{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5141", "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "state": "PUBLISHED", "assignerShortName": "Fortra", "dateReserved": "2025-05-23T21:18:11.239Z", "datePublished": "2025-06-17T19:30:51.781Z", "dateUpdated": "2025-06-17T19:50:34.425Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "AIX", "Solaris"], "product": "Core Privileged Access Manager (BoKS)", "vendor": "Fortra", "versions": [{"lessThanOrEqual": "7.2.0.17", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.1.0.22", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.1.1.7", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.0.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Maciej Grabiec, ING Hubs Poland"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache."}], "value": "A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache."}], "impacts": [{"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "shortName": "Fortra", "dateUpdated": "2025-06-17T19:30:51.781Z"}, "references": [{"url": "https://www.cve.org/cverecord?id=CVE-2025-5141"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the latest patched version or hotfix"}], "value": "Upgrade to the latest patched version or hotfix"}], "source": {"discovery": "UNKNOWN"}, "title": "Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T19:50:23.706281Z", "id": "CVE-2025-5141", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T19:50:34.425Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5141", "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "state": "PUBLISHED", "assignerShortName": "Fortra", "dateReserved": "2025-05-23T21:18:11.239Z", "datePublished": "2025-06-17T19:30:51.781Z", "dateUpdated": "2025-06-17T19:50:34.425Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux", "AIX", "Solaris"], "product": "Core Privileged Access Manager (BoKS)", "vendor": "Fortra", "versions": [{"lessThanOrEqual": "7.2.0.17", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.1.0.22", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "8.1.1.7", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "9.0.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Maciej Grabiec, ING Hubs Poland"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache."}], "value": "A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache."}], "impacts": [{"capecId": "CAPEC-204", "descriptions": [{"lang": "en", "value": "CAPEC-204 Lifting Sensitive Data Embedded in Cache"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "CWE-524: Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "shortName": "Fortra", "dateUpdated": "2025-06-17T19:30:51.781Z"}, "references": [{"url": "https://www.cve.org/cverecord?id=CVE-2025-5141"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the latest patched version or hotfix"}], "value": "Upgrade to the latest patched version or hotfix"}], "source": {"discovery": "UNKNOWN"}, "title": "Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5141", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-17T19:50:23.706281Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T19:50:26.362Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache."}], "id": "CVE-2025-5141", "lastModified": "2025-06-17T20:50:23.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "type": "Secondary"}]}, "published": "2025-06-17T20:15:32.583", "references": [{"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "url": "https://www.cve.org/cverecord?id=CVE-2025-5141"}], "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "type": "Secondary"}]}

{}