Local Data Exposure in Fortra's Core Privileged Access Manager on Linux and AIX
CVE-2025-5141
5.5 MEDIUM
What is CVE-2025-5141?
A vulnerability in the BoKS Server Agent component of Fortra's Core Privileged Access Manager allows low-privileged local users on Linux, AIX, and Solaris systems to extract sensitive data from the application cache. This issue affects multiple versions, including BoKS 7.2.0 up to 7.2.0.17, BoKS 8.1.0 up to 8.1.0.22, BoKS 8.1.1 up to 8.1.1.7, and BoKS 9.0.0 up to 9.0.0.1, as well as legacy tar installs without the necessary hotfix. Prompt action is advised to mitigate potential information leaks.
Affected Version(s)
Core Privileged Access Manager (BoKS), Linux: 0 <= 7.2.0.17
Core Privileged Access Manager (BoKS), Linux: 0 <= 8.1.0.22
Core Privileged Access Manager (BoKS), Linux: 0 <= 8.1.1.7