CVE-2025-13762 MEDIUM

CVE-2025-13762: Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305

Vendor Cyberark
Product CyberArk Secure Web Sessions Extension
Weakness CWE-20 · Input validation
Published November 27, 2025
Last update December 3, 2025

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y

What the vulnerability does

01Description

Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.

Key dates

02Disclosure timeline

November 27, 2025 CVE published
December 3, 2025 Record updated