Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-22272

Summary
Assigner-CERT-PL
Assigner Org ID-4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At-28 Feb, 2025 | 12:33
Updated At-05 Mar, 2025 | 15:53
Rejected At-
Credits

Self Reflected XSS in CyberArk Endpoint Privilege Manager

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-PL
Assigner Org ID:4bb8329e-dd38-46c1-aafb-9bf32bcb93c6
Published At:28 Feb, 2025 | 12:33
Updated At:05 Mar, 2025 | 15:53
Rejected At:
▼CVE Numbering Authority (CNA)
Self Reflected XSS in CyberArk Endpoint Privilege Manager

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

Affected Products
Vendor
CyberArk
Product
Endpoint Privilege Manager
Platforms
  • SaaS
Default Status
unknown
Versions
Affected
  • 24.7.1
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
4.02.1LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Version: 4.0
Base score: 2.1
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-591CAPEC-591 Reflected XSS
CAPEC ID: CAPEC-591
Description: CAPEC-591 Reflected XSS
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Karol Mazurek (Afine Team)
finder
Maksymilian Kubiak (Afine Team)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert.pl/en/posts/2025/02/CVE-2025-22270/
third-party-advisory
https://cert.pl/posts/2025/02/CVE-2025-22270/
third-party-advisory
https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm
product
Hyperlink: https://cert.pl/en/posts/2025/02/CVE-2025-22270/
Resource:
third-party-advisory
Hyperlink: https://cert.pl/posts/2025/02/CVE-2025-22270/
Resource:
third-party-advisory
Hyperlink: https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cvd@cert.pl
Published At:28 Feb, 2025 | 13:15
Updated At:15 Apr, 2026 | 00:35

In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.1LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 2.1
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Secondarycvd@cert.pl
CWE ID: CWE-79
Type: Secondary
Source: cvd@cert.pl
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cert.pl/en/posts/2025/02/CVE-2025-22270/cvd@cert.pl
N/A
https://cert.pl/posts/2025/02/CVE-2025-22270/cvd@cert.pl
N/A
https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htmcvd@cert.pl
N/A
Hyperlink: https://cert.pl/en/posts/2025/02/CVE-2025-22270/
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://cert.pl/posts/2025/02/CVE-2025-22270/
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm
Source: cvd@cert.pl
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2025-22270
Matching Score-6
Assigner-CERT.PL
ShareView Details
Matching Score-6
Assigner-CERT.PL
CVSS Score-7.3||HIGH
EPSS-0.17% / 38.26%
||
7 Day CHG~0.00%
Published-28 Feb, 2025 | 12:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS in CyberArk Endpoint Privilege Manager

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the Content-Security-Policy policy, which mitigates JS code execution while still allowing HTML injection. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

Action-Not Available
Vendor-CyberArk
Product-Endpoint Privilege Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-32607
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.04% / 14.05%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 17:40
Updated-09 Apr, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse: Stored XSS via unescaped assignee name

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritize_full_name_in_ux site setting is enabled (defaults to false, requires console access to change), user and group display names are rendered without HTML escaping in several assignment-related UI paths. This allows users with assign permission to inject arbitrary HTML/JavaScript that executes in the browser of any user viewing an affected topic. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Details not found