Local Privilege Escalation in One Identity Password Manager via Flawed Security Mechanism
CVE-2025-27582

7.6 HIGH

Key Information:

Vendor
CVE Published: 14 July 2025

What is CVE-2025-27582?

The Secure Password extension in One Identity Password Manager is affected by a vulnerability that allows local privilege escalation due to an inadequate security hardening mechanism in the kiosk browser. This flaw enables an attacker with access to the Password Self-Service site from the lock screen to create a malicious webpage. By utilizing the Help function, the attacker can execute a script that overrides the security measures meant to prevent privileged actions. This can lead to the invocation of the SYSTEM-level print dialog, allowing the attacker to leverage standard Windows functionalities to gain complete control of the system.

Affected Version(s)

Password Manager: versions before 5.14.4

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
