CVE-2025-5141: CWE-524: Use of Cache Containing Sensitive Information in Fortra Core Privileged Access Manager (BoKS)
A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache.
AI Analysis
Technical Summary
CVE-2025-5141 is a medium-severity vulnerability affecting Fortra's Core Privileged Access Manager (BoKS) in versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1), and legacy tar installs of BoKS 7.2 without hotfix #0474. The vulnerability resides in the BoKS Server Agent component running on Linux, AIX, and Solaris. A cache used by the component contains sensitive information and can be dumped by low-privilege local users. The weakness is categorized as CWE-524: sensitive data is stored in a cache without adequate protection, allowing unauthorized local users to access confidential information.

The CVSS v3.1 base score is 5.5 (medium), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: the attack requires local access with low privileges and no user interaction, and results in high confidentiality impact with no integrity or availability impact. The local-access requirement limits remote exploitation but raises concerns in environments where multiple users have local access or where attackers can escalate privileges locally.

The affected component is critical because it manages privileged access, so leakage of sensitive cached data could expose credentials or session tokens, potentially facilitating further privilege escalation or lateral movement within an organization. No known exploits are reported in the wild yet, and no patches or hotfixes are linked in the provided data, though hotfix #0474 addresses the issue for legacy tar installs. The vulnerability affects multiple UNIX-like operating systems, which are common in enterprise environments, especially in critical infrastructure and financial sectors.
Potential Impact
For European organizations, the impact of CVE-2025-5141 can be significant due to the sensitive nature of privileged access management systems. Leakage of cached sensitive information could lead to unauthorized disclosure of credentials or tokens, enabling attackers to escalate privileges or move laterally within networks. This could compromise critical systems, leading to data breaches or disruption of services. Organizations relying on Fortra's BoKS for managing privileged accounts in sectors such as finance, energy, telecommunications, and government could face increased risk of insider threats or local attacker exploitation. The requirement for local access limits remote exploitation but does not eliminate risk in environments with shared or multi-user access, or where attackers have gained initial footholds. The impact on confidentiality is high, but integrity and availability remain unaffected directly. However, indirect impacts such as unauthorized access to sensitive systems could lead to broader security incidents. Given the widespread use of UNIX-like systems in European enterprises, especially in regulated industries, this vulnerability could undermine compliance with data protection regulations if exploited.
Mitigation Recommendations
1. Apply available hotfixes and patches immediately, including hotfix #0474 for legacy tar installs of BoKS 7.2.
2. Restrict local access to BoKS Server Agent hosts strictly to trusted administrators and monitored personnel only.
3. Implement robust access controls and auditing on systems running BoKS to detect and prevent unauthorized local access attempts.
4. Employ host-based intrusion detection systems (HIDS) to monitor suspicious activities related to cache access or dumping attempts.
5. Consider isolating BoKS Server Agent components on hardened, minimal-access systems to reduce the attack surface.
6. Regularly review and rotate privileged credentials managed by BoKS to limit exposure if cached data is compromised.
7. Conduct internal security awareness training emphasizing the risks of local privilege abuse and the importance of securing privileged access management infrastructure.
8. Monitor vendor communications for official patches or updates and test them in controlled environments before deployment.
9. If possible, disable or limit caching of sensitive information within BoKS configurations until patches are applied.
10. Perform regular security assessments and penetration tests focusing on local privilege escalation and cache data exposure scenarios.
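To prioritise recommendation 1, the affected ranges listed on this page can be checked against a host inventory; the following is an added example, not Fortra's code. It assumes versions are recorded as dotted strings in the form the page uses (for example 8.1.0.22), that a legacy tar install of 7.2 is judged by hotfix #0474 alone, and that the host names and inventory are constructed; how the version is read from a host is outside its scope.

```python
import re

# Last affected patch level per release branch, as listed on this page.
LAST_AFFECTED = {(7, 2, 0): 17, (8, 1, 0): 22, (8, 1, 1): 7, (9, 0, 0): 1}


def parse_version(text):
    """Split 'A.B.C[.D]' into ((A, B, C), D); a missing D is treated as 0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    a, b, c, d = m.groups()
    return (int(a), int(b), int(c)), int(d or 0)


def triage(version, legacy_tar=False, hotfix_0474=False):
    """Classify one install as 'affected', 'not-in-range' or 'not-listed'."""
    branch, patch = parse_version(version)
    # Assumption: legacy tar installs of 7.2 are judged by the hotfix alone.
    if legacy_tar and branch[:2] == (7, 2):
        return "not-in-range" if hotfix_0474 else "affected"
    if branch not in LAST_AFFECTED:
        return "not-listed"  # branch absent from the advisory: confirm with the vendor
    return "affected" if patch <= LAST_AFFECTED[branch] else "not-in-range"


def affected_hosts(inventory):
    """Return sorted host names whose install falls in an affected range."""
    return sorted(h["host"] for h in inventory
                  if triage(h["version"], h.get("legacy_tar", False),
                            h.get("hotfix_0474", False)) == "affected")


# Constructed inventory (hypothetical host names and versions).
INVENTORY = [
    {"host": "pam-a", "version": "7.2.0.17"},
    {"host": "pam-b", "version": "8.1.0.23"},
    {"host": "pam-c", "version": "8.1.1.7"},
    {"host": "pam-d", "version": "9.0.0.2"},
    {"host": "pam-e", "version": "7.2.0.9", "legacy_tar": True, "hotfix_0474": True},
    {"host": "pam-f", "version": "7.2.0.30", "legacy_tar": True},
    {"host": "pam-g", "version": "8.0.0.4"},
]

if __name__ == "__main__":
    print("patch first:", affected_hosts(INVENTORY))
```

Hosts reported as not-listed run a branch this page does not mention, so they need a separate check rather than being treated as safe.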
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Fortra
- Date Reserved: 2025-05-23T21:18:11.239Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6851c6c9a8c9212743861d6e
Added to database: 6/17/2025, 7:49:29 PM
Last enriched: 6/17/2025, 8:04:38 PM
Last updated: 8/17/2025, 6:05:23 PM