
CyberArk Conjur vulnerabilities threaten enterprise secrets


SecurityWeek reports that threat actors could exploit a quartet of now-patched security flaws impacting the widely used open-source secrets management tool CyberArk Conjur to facilitate remote code execution and enterprise secrets compromise.

Attacks involving the flaws could allow arbitrary code execution without AWS credentials, passwords, or tokens, according to an analysis from agentic identity security company Cyata presented at Black Hat USA 2025. The flaws are the identity access management authenticator bypass vulnerabilities, tracked as CVE-2025-49827 and CVE-2025-49831; the remote code execution bug, tracked as CVE-2025-49828; the missing validations defect, tracked as CVE-2025-49829; and the path traversal and file disclosure issue, tracked as CVE-2025-49830.

Organizations with vulnerable CyberArk Secrets Manager, Self-Hosted, and Conjur instances have been urged to promptly remediate the security flaws. "As far as we know, these vulnerabilities have not been exploited in the wild, but we strongly encourage all users of the affected software to deploy the newly released patches as soon as possible," said CyberArk.
