Improper Input Validation in CyberArk Secure Web Sessions Extension for Chrome and Edge
CVE-2025-13762

4.8MEDIUM

Key Information:

Vendor: Cyberark
Status: Cyberark Secure Web Sessions Extension
Vendor: CVE Published:; 27 November 2025

What is CVE-2025-13762?

An improper input validation vulnerability in the CyberArk Secure Web Sessions Extension for both Chrome and Edge browsers has been identified. This flaw could enable attackers to cause a Denial of Service (DoS) when initiating new Secure Web Sessions. Users are advised to update to the latest version to mitigate potential risks.

Affected Version(s)

CyberArk Secure Web Sessions Extension Chrome 0 < 2.2.30305

References

https://chromewebstore.google.com/detail/cyberark-secure-...

https://microsoftedge.microsoft.com/addons/detail/cyberar...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2025
Vulnerability Reserved
Nov 27, 2025

Credit

Benjamin Lim

Goh Jing Loon

Sean Seah

Tan Inn Fung

Zhang Bosen

JSON

Cyberark

What is CVE-2025-13762?

Affected Version(s)

References

CVSS V4

Timeline

Credit