CVE-2025-13532 MEDIUM

CVE-2025-13532: Weak Password Hash in Core Privileged Access Manager (BoKS)

Vendor: Fortra
Product: Core Privileged Access Manager (BoKS)
Weakness: CWE-916
Published: December 16, 2025
Last update: December 16, 2025

CVSS base score

6.2/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Key dates

02 Disclosure timeline

December 16, 2025: CVE published
December 16, 2025: Record updated