Code Injection Vulnerability in CyberArk Endpoint Privilege Manager
CVE-2025-22270

7.3HIGH

Key Information:

Vendor: CyberArk

CVE Published: 28 February 2025

Badges

  • 👾 Exploit Exists
  • 📰 News Worthy

What is CVE-2025-22270?

CyberArk Endpoint Privilege Manager does not properly neutralize the 'name' field when a new role is added in the Role Management tab of the Administration panel. An attacker who already has access to that panel can store markup in the role name, which is then rendered into the application's pages (stored HTML injection). The application ships a Content-Security-Policy that restricts execution of injected JavaScript, which limits but does not remove the impact: script-free markup still renders, and in general that is enough to insert misleading content or off-site links into an administrative UI. Whether versions other than the one listed below are affected is not known, and the vendor has not communicated about the issue.
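The flaw class described above, as an added illustration that is not code or data from the advisory or from CyberArk: a role-name field interpolated straight into markup next to the same renderer with HTML escaping, plus a server-side allowlist check. The payload string, the allowlist policy and the helper names are assumptions made for this example. The injected name deliberately contains no `<script>`, which is exactly the case a script-restricting CSP does not cover.

```python
"""Stored HTML injection in a 'name' field: vulnerable rendering beside the hardened form.

Constructed example. The role-name strings, the allowlist and the rendering
helpers are assumptions for illustration, not CyberArk code or data.
"""
import html
import re
from html.parser import HTMLParser

# Constructed attacker input: no <script>, so a script-src CSP does not block it,
# yet it injects a clickable off-site link into the admin page that lists roles.
INJECTED_ROLE_NAME = '<a href="https://attacker.example/reauth">Session expired, re-login</a>'
BENIGN_ROLE_NAME = "Helpdesk Tier 1"


def render_role_row_vulnerable(role_name: str) -> str:
    """Interpolates the name directly into markup: the flaw class described above."""
    return f"<tr><td>{role_name}</td></tr>"


def render_role_row_fixed(role_name: str) -> str:
    """Escapes & < > \" and ' so the browser shows the name as text, never as markup."""
    return f"<tr><td>{html.escape(role_name, quote=True)}</td></tr>"


# Assumed policy for this example: alphanumerics, space, underscore, dot, hyphen; max 64 chars.
ROLE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _.\-]{0,63}")


def is_valid_role_name(role_name: str) -> bool:
    """Server-side allowlist check; rejects anything that could open a tag or attribute."""
    return ROLE_NAME_RE.fullmatch(role_name) is not None


class _TagCollector(HTMLParser):
    """Records every start tag and every <a href> the browser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.links: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def injected_elements(rendered_row: str) -> tuple[list[str], list[str]]:
    """Returns (unexpected tags, hrefs) in a rendered row; only tr/td are expected."""
    parser = _TagCollector()
    parser.feed(rendered_row)
    extra = [t for t in parser.tags if t not in ("tr", "td")]
    return extra, parser.links


if __name__ == "__main__":
    for name in (BENIGN_ROLE_NAME, INJECTED_ROLE_NAME):
        print(f"role name {name!r}: valid={is_valid_role_name(name)}")
        print("  vulnerable renderer:", injected_elements(render_role_row_vulnerable(name)))
        print("  fixed renderer:     ", injected_elements(render_role_row_fixed(name)))
```

Both controls are needed: escaping at the output point is what closes the injection, and the allowlist keeps the stored value from carrying markup into any other consumer (exports, logs, other views) that might not escape it. Checking only for `<script>` or relying on the CSP would leave the link-injection case above in place.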

Affected Version(s)

Endpoint Privilege Manager SaaS 24.7.1

News Articles

Vulnerabilities in CyberArk Endpoint Privilege Manager software (CERT Polska)

CVE ID CVE-2025-22270 Publication date 28 February...

CVSS v4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: not reported on this page (the listed value, "Physical", is an Attack Vector value, not a valid Attack Requirements value)
Privileges Required: not reported on this page; the description implies high, since the attacker must already have access to the Administration panel
User Interaction: not reported on this page

Timeline

  • 👾 Exploit known to exist
  • 📰 First article discovered by CERT Polska
  • Vulnerability published
  • Vulnerability reserved

Credit

Karol Mazurek (Afine Team)
Maksymilian Kubiak (Afine Team)