Improper Authorization Vulnerability in EOL OVA Connect Component by Saviynt
CVE-2025-3838

6.1MEDIUM

Key Information:

Vendor: Saviynt
Status: Ova Based Connect
Vendor: CVE Published:; 21 April 2025

What is CVE-2025-3838?

An improper authorization vulnerability has been identified in the EOL OVA based connect component used for installations within customer internal networks. This flaw may allow unauthorized users to access a local database that contains weakly hashed credentials for installers. As this component was deprecated in September 2023, it is vital for organizations to address this vulnerability before the extended support period expires in January 2024.

Affected Version(s)

OVA based Connect Linux AlmaLinux-8.x_SC2.0-Client-2.0

OVA based Connect Linux AlmaLinux-8.x_SC2.0-Client-3.0

OVA based Connect Linux CentOS-7.x_SC2.0-Client-2.0

References

https://saviynt.com/trust-compliance-security

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2025
Vulnerability Reserved
Apr 21, 2025

Credit

Achmea Security Assessment Team (SAT)