
CVE-2025-5141: CWE-524: Use of Cache Containing Sensitive Information in Fortra Core Privileged Access Manager (BoKS)

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-5141, cve, cve-2025-5141, cwe-524
Published: Tue Jun 17 2025 (06/17/2025, 19:30:51 UTC)
Source: CVE Database V5
Vendor/Project: Fortra
Product: Core Privileged Access Manager (BoKS)

Description

A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache.

AI-Powered Analysis

Last updated: 08/30/2025, 00:35:16 UTC

Technical Analysis

CVE-2025-5141 is a medium-severity vulnerability identified in Fortra's Core Privileged Access Manager (BoKS), specifically affecting the BoKS Server Agent component on Linux, AIX, and Solaris platforms. The affected versions include 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1), and legacy tar installations of BoKS 7.2 without hotfix #0474. The vulnerability is classified under CWE-524, which concerns the use of caches containing sensitive information. The issue allows low-privilege local users to dump sensitive data from the cache maintained by the BoKS Server Agent. This means that an attacker with limited local access can extract sensitive information that should be protected, potentially including credentials or session tokens used by the privileged access manager. The CVSS 3.1 score is 5.5, reflecting a medium severity with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the attack requires local access with low privileges, low attack complexity, no user interaction, and results in a high impact on confidentiality without affecting integrity or availability. No known exploits are reported in the wild at this time. The vulnerability arises because sensitive data is cached insecurely, allowing unauthorized local users to access it. This undermines the security guarantees of the privileged access management system, which is critical for controlling and auditing access to sensitive systems and credentials.

Potential Impact

For European organizations, the impact of CVE-2025-5141 can be significant, especially for those relying on Fortra's Core Privileged Access Manager (BoKS) to secure privileged credentials and access controls. The ability for low-privilege local users to extract sensitive cached data could lead to unauthorized disclosure of privileged credentials or session information. This can facilitate lateral movement within networks, privilege escalation, and compromise of critical systems. Given that privileged access managers are central to enforcing least privilege and auditing access, this vulnerability could weaken an organization's overall security posture and increase the risk of insider threats or attacks by compromised local accounts. The impact is particularly critical in regulated industries such as finance, healthcare, and government sectors prevalent in Europe, where privileged access management is mandated for compliance with GDPR, NIS Directive, and other regulations. The lack of impact on integrity and availability reduces the risk of direct system disruption but does not diminish the confidentiality risks, which can lead to data breaches and regulatory penalties.

Mitigation Recommendations

To mitigate CVE-2025-5141, European organizations should:

1) Immediately identify and inventory all deployments of Fortra Core Privileged Access Manager (BoKS) across Linux, AIX, and Solaris environments.
2) Apply the latest patches or hotfixes provided by Fortra, specifically hotfix #0474 for legacy tar installs and updates for the affected versions as soon as they become available.
3) Restrict local access to systems running BoKS Server Agent to only trusted administrators and use strong access controls and monitoring to detect unauthorized local access attempts.
4) Implement additional host-based security controls such as file integrity monitoring and endpoint detection and response (EDR) solutions to detect suspicious activities related to cache dumping.
5) Review and harden the configuration of BoKS to minimize caching of sensitive information where possible, and ensure that cache data is encrypted or protected with strict permissions.
6) Conduct regular audits of privileged access logs to detect anomalies that may indicate exploitation attempts.
7) Educate system administrators and security teams about this vulnerability and the importance of local access controls.

These steps go beyond generic advice by focusing on local access restrictions, patch management specific to the affected versions, and enhanced monitoring tailored to the nature of the vulnerability.
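For the inventory and patching steps, an added example (not Fortra's code or tooling) that sorts hosts by the affected ranges listed in this advisory. The host names and version rows are constructed, how each version string is collected is left to the site, and treating hotfix #0474 as the deciding factor for legacy tar installs of 7.2 is an assumption.

```python
# Added example: classify BoKS version strings against the ranges in this advisory.
import re

# Highest affected build on each listed branch, as stated in the description.
AFFECTED_CEILING = {(7, 2, 0): 17, (8, 1, 0): 22, (8, 1, 1): 7, (9, 0, 0): 1}

def parse_version(text):
    """Return (branch, build) from 'A.B.C' or 'A.B.C.D'; a missing build counts as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    a, b, c, d = m.groups()
    return (int(a), int(b), int(c)), int(d or 0)

def classify(version, legacy_tar=False, hotfix_0474=False):
    """Return 'affected', 'not-in-advisory-range' or 'branch-not-listed'."""
    branch, build = parse_version(version)
    # Assumption: for legacy tar installs of 7.2 only the hotfix status matters.
    if legacy_tar and branch[:2] == (7, 2):
        return "not-in-advisory-range" if hotfix_0474 else "affected"
    ceiling = AFFECTED_CEILING.get(branch)
    if ceiling is None:
        # The advisory is silent on this branch: do not read that as "safe".
        return "branch-not-listed"
    return "affected" if build <= ceiling else "not-in-advisory-range"

INVENTORY = [  # constructed rows: host, version, legacy_tar, hotfix_0474
    ("lnx-app01", "8.1.0.22", False, False),
    ("lnx-app02", "8.1.0.23", False, False),
    ("aix-db01", "7.2.0.9", False, False),
    ("sol-leg01", "7.2.0", True, False),
    ("sol-leg02", "7.2.0", True, True),
    ("lnx-new01", "9.0.0.2", False, False),
    ("lnx-old01", "8.0.0.3", False, False),
]

def triage(rows):
    """Group host names by classification, preserving inventory order."""
    report = {}
    for host, version, tar, hotfix in rows:
        report.setdefault(classify(version, tar, hotfix), []).append(host)
    return report

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `branch-not-listed` need a separate check against vendor guidance, since the advisory only enumerates four branches.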


Technical Details

Data Version: 5.1
Assigner Short Name: Fortra
Date Reserved: 2025-05-23T21:18:11.239Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6851c6c9a8c9212743861d6e

Added to database: 6/17/2025, 7:49:29 PM

Last enriched: 8/30/2025, 12:35:16 AM

Last updated: 9/27/2025, 5:22:21 PM
