Improper Input Validation in EOL OVA Component by Saviynt
CVE-2025-3837

6.1 MEDIUM

Key Information:

Vendor: Saviynt

CVE Published: 21 April 2025

What is CVE-2025-3837?

An improper input validation flaw exists in the End-of-Life (EOL) OVA-based Connect component, which is deployed inside customer networks. This component was deprecated in September 2023, with support extended until January 2024. Under specific conditions, attackers may exploit this vulnerability by manipulating a request parameter to inject malicious code, potentially leading to unauthorized remote code execution on the hosting infrastructure.

Affected Version(s)

OVA based Connect Linux AlmaLinux-8.x_SC2.0-Client-2.0

OVA based Connect Linux AlmaLinux-8.x_SC2.0-Client-3.0

OVA based Connect Linux CentOS-7.x_SC2.0-Client-2.0

CVSS V4

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Achmea Security Assessment Team (SAT)