CVE-2025-22272

CVSS

No CVSS.

I

n the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

References

Link	Resource
https://cert.pl/en/posts/2025/02/CVE-2025-22270/
https://cert.pl/posts/2025/02/CVE-2025-22270/
https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm

Configurations

No configuration.

History

05 Mar 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) En el endpoint "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg", es posible inyectar código en el parámetro "modalDlgMsgInternal" mediante POST, que luego se ejecuta en el navegador. El riesgo de explotar la vulnerabilidad se reduce debido a la omisión adicional requerida de la política Content-Security-Policy. Este problema afecta a CyberArk Endpoint Privilege Manager en la versión SaaS 24.7.1. Se desconoce el estado de otras versiones. Después de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta.

28 Feb 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-28 13:15

Updated : 2025-03-05 16:15

NVD link : CVE-2025-22272

Mitre link : CVE-2025-22272

CVE.ORG link : CVE-2025-22272

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-22272", "cveTags": [{"tags": ["exclusively-hosted-service"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-28T13:15:27.770", "references": [{"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/", "source": "[email protected]"}, {"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/", "source": "[email protected]"}, {"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."}, {"lang": "es", "value": "En el endpoint \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\", es posible inyectar c\u00f3digo en el par\u00e1metro \"modalDlgMsgInternal\" mediante POST, que luego se ejecuta en el navegador. El riesgo de explotar la vulnerabilidad se reduce debido a la omisi\u00f3n adicional requerida de la pol\u00edtica Content-Security-Policy. Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."}], "lastModified": "2025-03-05T16:15:38.033", "sourceIdentifier": "[email protected]"}