Insufficient Protection of Pre-Authentication Token in StrongDM Client
CVE-2025-6180

8.5HIGH

Key Information:

Vendor: Strongdm
Status: Sdm-cli
Vendor: CVE Published:; 20 August 2025

What is CVE-2025-6180?

The StrongDM Client exhibits a security flaw due to insufficient protection of a pre-authentication token. This weakness may allow attackers to intercept and reuse the token, potentially leading to unauthorized access by exploiting a race condition. Organizations using the StrongDM Client should prioritize reviewing their security measures and apply available patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

sdm-cli Windows 0 <= 47.96.0

References

https://security.strongdm.com/?tcuUid=56fde839-9388-4361-...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Jun 16, 2025

CVE-2025-6180 Data

JSON

Strongdm

What is CVE-2025-6180?

Affected Version(s)

References

CVSS V4

Timeline