- Description
- The application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is therefore possible to brute-force the current password in use. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
- Source
- cvd@cert.pl
- NVD status
- Awaiting Analysis
- CNA Tags
- exclusively-hosted-service
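The advisory gives the endpoint path but nothing about the request format, so the added example below (not code from the page, from CyberArk or from CERT Polska) shows the check that CWE-770 says is missing, in the form a server-side or reverse-proxy detection would take: a sliding-window count of requests per source IP to the ChangePassword path, run over constructed CLF-style access-log lines. The log format, the IPs, the threshold and the window are assumptions. The path comparison is case-insensitive and ignores the query string, because the service is an ASP.NET .asmx handler and IIS resolves URL paths case-insensitively; a case-sensitive rule would miss `/epmui/vfmanager.asmx/changepassword`.

```python
"""Sliding-window detection of an unthrottled brute force against a password-change
endpoint, run over constructed access-log lines.

Added example, not code from CyberArk or from the CERT Polska advisory. Assumptions:
the log is CLF-style (ip - - [ts] "METHOD path HTTP/1.1" status bytes) and roughly
chronological; the IPs, threshold and window below are illustrative.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Endpoint named in the advisory. Matching is done case-insensitively and without
# the query string: the service is an ASP.NET .asmx handler and IIS resolves URL
# paths case-insensitively, so /epmui/vfmanager.asmx/changepassword is the same endpoint.
TARGET_PATH = "/EPMUI/VfManager.asmx/ChangePassword"

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one CLF-style line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0].lower(),
        "status": int(m["status"]),
    }


def detect_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Flag any source IP that sends `threshold` or more requests to TARGET_PATH
    within `window`. Returns {ip: {"count", "first", "last"}}, recorded at the
    moment the threshold was first crossed. Status codes are deliberately ignored:
    the advisory says the endpoint does not limit attempts, so volume, not
    outcome, is the signal."""
    target = TARGET_PATH.lower()
    recent = defaultdict(deque)   # ip -> timestamps of hits still inside the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != target:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:   # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold and rec["ip"] not in alerts:
            alerts[rec["ip"]] = {"count": len(q), "first": q[0], "last": rec["ts"]}
    return alerts


def _clf(ip, ts, method, path, status):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} 512'


def sample_log():
    """Constructed sample (not real traffic): 203.0.113.7 fires 12 ChangePassword POSTs
    ten seconds apart, 198.51.100.20 makes two legitimate calls 39 minutes apart (one
    lower-cased, one with a query string), and 192.0.2.9 hammers an unrelated page,
    which must not trigger the rule."""
    base = datetime(2025, 2, 28, 10, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(12):
        events.append((base + timedelta(seconds=10 * i), "203.0.113.7", "POST", TARGET_PATH, 200))
    events.append((base + timedelta(minutes=1), "198.51.100.20", "POST", TARGET_PATH.lower(), 200))
    events.append((base + timedelta(minutes=40), "198.51.100.20", "POST", TARGET_PATH + "?x=1", 200))
    for i in range(30):
        events.append((base + timedelta(seconds=5 * i), "192.0.2.9", "GET", "/EPMUI/Default.aspx", 200))
    events.sort(key=lambda e: e[0])
    return [_clf(ip, ts, m, p, s) for ts, ip, m, p, s in events]


if __name__ == "__main__":
    for ip, info in detect_bruteforce(sample_log()).items():
        span = (info["last"] - info["first"]).total_seconds()
        print(f"{ip}: {info['count']} ChangePassword requests in {span:.0f}s "
              f"(first {info['first']:%H:%M:%S})")
```

The same per-source deque, consulted before a request is handled rather than after it is logged, is the throttle the advisory reports as absent: reject or delay the request when the window is full. For a password-change endpoint the counter should additionally be keyed on the target account, since a distributed attacker can spread attempts across many source IPs.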
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- Weakness (cvd@cert.pl)
- CWE-770: Allocation of Resources Without Limits or Throttling
- Hype score
- Not currently trending
🚨 #CVE-2025-22273: Allocation of Resources Without Limits or Throttling https://t.co/8IbrsVlQDw
@UndercodeUpdate
4 Mar 2025
🚨 CVE-2025-22273 ⚠️🔴 CRITICAL (9.3) 🏢 CyberArk - Endpoint Privilege Manager 🏗️ 24.7.1 🔗 https://t.co/UaW850OWAO 🔗 https://t.co/wcRFSwV356 🔗 https://t.co/s7jEFUKsyP #CyberCron #VulnAlert https://t.co/fVxCQ4Qvnq
@cybercronai
28 Feb 2025
CVE-2025-22273 CyberArk Endpoint Privilege Manager Brute Force Vulnerability in Password Change Endpoint https://t.co/slpWNTkw9U
@VulmonFeeds
28 Feb 2025
[CVE-2025-22273: CRITICAL] Vulnerability alert: CyberArk Endpoint Privilege Manager in SaaS version 24.7.1 is susceptible to a brute force attack due to unrestricted user interactions. Other versions' status is u...#cybersecurity,#vulnerability https://t.co/HohLqA0i7O https://t.c
@CveFindCom
28 Feb 2025