CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator

🗓️ 15 Jul 2025 19:26:06Reported by GitHub_MType

Conjur OSS and Secrets Manager vulnerable to IAM Authenticator bypass affecting versions 1.19.5 to 1.22.0.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-49827	16 Jul 202520:32	–	circl
CNNVD	CyberArk Conjur 安全漏洞	15 Jul 202500:00	–	cnnvd
CVE	CVE-2025-49827	15 Jul 202519:26	–	cve
EUVD	EUVD-2025-21537	3 Oct 202520:07	–	euvd
NVD	CVE-2025-49827	15 Jul 202520:15	–	nvd
OSV	CVE-2025-49827 Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator	15 Jul 202519:26	–	osv
Positive Technologies	PT-2025-29612	15 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-49827	17 Jul 202519:55	–	redhatcve
The Hacker News	CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials	9 Aug 202505:15	–	thn
The Hacker News	⚡ Weekly Recap: BadCam Attack, WinRAR 0-Day, EDR Killer, NVIDIA Flaws, Ransomware Attacks & More	11 Aug 202511:53	–	thn

[
  {
    "vendor": "cyberark",
    "product": "conjur",
    "versions": [
      {
        "version": "Conjur OSS >= 1.19.5, < 1.22.1",
        "status": "affected"
      },
      {
        "version": "Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) >= 13.1, < 13.5.1",
        "status": "affected"
      },
      {
        "version": "Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) >= 13.6, < 13.6.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/cyberark/conjur/releases/tag/v1.22.1
github	www.github.com/cyberark/conjur/security/advisories/GHSA-gmc5-9mpc-xg75

15 Jul 2025 19:26Current

CVSS 49.1

EPSS0.01416

CWE-807