
CVE-2025-5141: Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache


Description

A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) allows low-privileged local users to dump data from the cache. Affected are versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7) and 9.0.0 (up to 9.0.0.1), as well as legacy tar installs of BoKS 7.2 without hotfix #0474, on Linux, AIX, and Solaris.

Classification

CVE ID: CVE-2025-5141

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-524: Use of Cache Containing Sensitive Information

Affected Products

Vendor: Fortra

Product: Core Privileged Access Manager (BoKS)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.53% (share of scored vulnerabilities with an equal or lower EPSS score)

EPSS Date: 2025-06-23 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5141
https://www.cve.org/cverecord?id=CVE-2025-5141
