Local Data Exposure in Fortra's Core Privileged Access Manager on Linux and AIX
CVE-2025-5141
Key Information:
- Vendor: Fortra
- CVE Published: 17 June 2025
What is CVE-2025-5141?
A vulnerability in the BoKS Server Agent component of Fortra's Core Privileged Access Manager allows low-privileged local users on Linux, AIX, and Solaris systems to extract sensitive data from the application cache. The issue affects multiple versions: BoKS 7.2.0 up to 7.2.0.17, BoKS 8.1.0 up to 8.1.0.22, BoKS 8.1.1 up to 8.1.1.7, and BoKS 9.0.0 up to 9.0.0.1, as well as legacy tar installs without the necessary hotfix. Prompt action is advised to mitigate potential information leaks.

Affected Version(s)
Core Privileged Access Manager (BoKS) Linux 0 <= 7.2.0.17
Core Privileged Access Manager (BoKS) Linux 0 <= 8.1.0.22
Core Privileged Access Manager (BoKS) Linux 0 <= 8.1.1.7