5 matches found
EUVD-2026-33417
StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...
CVE-2025-6181
The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation...
CVE-2025-6182
The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones...
CVE-2025-6182 Root Certificate Injection
The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones...
CVE-2025-6181
CVE-2025-6181 affects the StrongDM Windows service, where input validation is incorrectly handled. The root cause is input validation failures that could allow an authenticated local attacker to escalate privileges. The CVSSv4 vector indicates a HIGH-severity, local attack with low complexity...