
CVE-2025-5141: CWE-524: Use of Cache Containing Sensitive Information in Fortra Core Privileged Access Manager (BoKS)

Medium
Published: Tue Jun 17 2025 (06/17/2025, 19:30:51 UTC)
Source: CVE Database V5
Vendor/Project: Fortra
Product: Core Privileged Access Manager (BoKS)

Description

A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache.

AI-Powered Analysis

Last updated: 06/17/2025, 20:04:38 UTC

Technical Analysis

CVE-2025-5141 is a medium-severity vulnerability in Fortra's Core Privileged Access Manager (BoKS). Affected versions are 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1), and legacy tar installs of BoKS 7.2 without hotfix #0474. The vulnerability resides in the BoKS Server Agent component running on Linux, AIX, and Solaris platforms: a cache that contains sensitive information can be dumped by low-privilege local users. The weakness is categorized under CWE-524, indicating that sensitive data is stored in a cache without adequate protection, allowing unauthorized local users to access confidential information.

The CVSS v3.1 base score is 5.5 (medium), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, meaning the attack requires local access with low privileges and no user interaction, and results in high confidentiality impact but no integrity or availability impact. The local-access requirement limits remote exploitation but raises concerns in environments where multiple users have local access or where attackers can escalate privileges locally.

The affected component is critical because it manages privileged access, so leakage of sensitive cached data could expose credentials or session tokens, potentially facilitating further privilege escalation or lateral movement within an organization. No known exploits are reported in the wild yet, and no patches or hotfixes are linked in the provided data, though hotfix #0474 addresses the issue for legacy tar installs. The vulnerability affects multiple UNIX-like operating systems, which are common in enterprise environments, especially in critical infrastructure and financial sectors.

Potential Impact

For European organizations, the impact of CVE-2025-5141 can be significant due to the sensitive nature of privileged access management systems. Leakage of cached sensitive information could lead to unauthorized disclosure of credentials or tokens, enabling attackers to escalate privileges or move laterally within networks. This could compromise critical systems, leading to data breaches or disruption of services. Organizations relying on Fortra's BoKS for managing privileged accounts in sectors such as finance, energy, telecommunications, and government could face increased risk of insider threats or local attacker exploitation. The requirement for local access limits remote exploitation but does not eliminate risk in environments with shared or multi-user access, or where attackers have gained initial footholds. The impact on confidentiality is high, while integrity and availability are not directly affected. However, indirect impacts such as unauthorized access to sensitive systems could lead to broader security incidents. Given the widespread use of UNIX-like systems in European enterprises, especially in regulated industries, this vulnerability could undermine compliance with data protection regulations if exploited.

Mitigation Recommendations

1. Apply available hotfixes and patches immediately, including hotfix #0474 for legacy tar installs of BoKS 7.2.
2. Restrict local access to BoKS Server Agent hosts strictly to trusted administrators and monitored personnel only.
3. Implement robust access controls and auditing on systems running BoKS to detect and prevent unauthorized local access attempts.
4. Employ host-based intrusion detection systems (HIDS) to monitor suspicious activities related to cache access or dumping attempts.
5. Consider isolating BoKS Server Agent components on hardened, minimal-access systems to reduce the attack surface.
6. Regularly review and rotate privileged credentials managed by BoKS to limit exposure if cached data is compromised.
7. Conduct internal security awareness training emphasizing the risks of local privilege abuse and the importance of securing privileged access management infrastructure.
8. Monitor vendor communications for official patches or updates and test them in controlled environments before deployment.
9. If possible, disable or limit caching of sensitive information within BoKS configurations until patches are applied.
10. Perform regular security assessments and penetration tests focusing on local privilege escalation and cache data exposure scenarios.
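To scope step 1, the affected ranges listed in the description can be checked against a host inventory. The following is an added example, not Fortra tooling or part of the original record: it assumes version strings are dotted numerics already collected per host and that legacy tar installs of 7.2 are decided by hotfix #0474 status alone; the function names and sample hosts are hypothetical.

```python
# Branch (first three components) -> highest affected build, from the advisory.
AFFECTED_MAX_BUILD = {
    (7, 2, 0): 17,
    (8, 1, 0): 22,
    (8, 1, 1): 7,
    (9, 0, 0): 1,
}

def parse_version(text):
    """Parse 'A.B.C' or 'A.B.C.D' into a 4-tuple; a missing build counts as 0."""
    parts = text.strip().split(".")
    if not 3 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def classify(version, legacy_tar=False, hotfix_0474=False):
    """Return 'affected', 'hotfix-applied', 'above-listed-range' or 'branch-not-listed'."""
    *branch, build = parse_version(version)
    branch = tuple(branch)
    # Assumption: legacy tar installs of 7.2 are decided by hotfix #0474 only.
    if legacy_tar and branch[:2] == (7, 2):
        return "hotfix-applied" if hotfix_0474 else "affected"
    max_build = AFFECTED_MAX_BUILD.get(branch)
    if max_build is None:
        # The advisory is silent on this branch; do not read this as "safe".
        return "branch-not-listed"
    return "affected" if build <= max_build else "above-listed-range"

def triage(inventory):
    """Map host -> status for rows of (host, version, legacy_tar, hotfix_0474)."""
    return {host: classify(ver, tar, hf) for host, ver, tar, hf in inventory}

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [
    ("app01", "8.1.0.22", False, False),
    ("app02", "8.1.0.23", False, False),
    ("db01", "9.0.0", False, False),
    ("old01", "7.2.0.5", True, False),
    ("old02", "7.2.0.5", True, True),
    ("lab01", "8.5.0.2", False, False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```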


Technical Details

Data Version: 5.1
Assigner Short Name: Fortra
Date Reserved: 2025-05-23T21:18:11.239Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6851c6c9a8c9212743861d6e

Added to database: 6/17/2025, 7:49:29 PM

Last enriched: 6/17/2025, 8:04:38 PM

Last updated: 8/3/2025, 8:44:56 PM
