CVE-2025-5141 MEDIUM

CVE-2025-5141: Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache

Vendor: Fortra
Product: Core Privileged Access Manager (BoKS)
Weakness: CWE-524
Published: June 17, 2025
Last update: August 29, 2025

CVSS base score

5.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) allows low-privileged local users to dump data from the cache. Affected are versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7) and 9.0.0 (up to 9.0.0.1), as well as legacy tar installs of BoKS 7.2 without hotfix #0474, on Linux, AIX, and Solaris.

Key dates

02 Disclosure timeline

June 17, 2025: CVE published
August 29, 2025: Record updated