Home > Vulnerability Database > CVE-2025-49830

Mend.io Vulnerability Database

CVE-2025-49830

Good to know:

Date: July 15, 2025

Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand the folder structure of the Secrets Manager/Conjur server or to have the yaml parser include files on the server in the yaml that is processed as the policy loads. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-49830

Url: https://github.com/cyberark/conjur/security/advisories/GHSA-7m6h-fqrm-m9c5

Url: https://github.com/cyberark/conjur/releases/tag/v1.22.1

Url: https://www.mend.io/vulnerability-database/CVE-2025-49830

Severity Score

6.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version https://github.com/cyberark/conjur.git - v1.22.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-49830

Good to know:

Date: July 15, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?