Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

#ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b

Security Advisories

Reported CVEsVendorsProductsReports
4Vulnerabilities found
CVE-2025-6183
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
ShareView Details
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
CVSS Score-7||HIGH
EPSS-0.03% / 6.45%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 16:45
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configd Injection

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message.

Action-Not Available
Vendor-StrongDM
Product-sdm-cli
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6182
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
ShareView Details
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.59%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 16:44
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Root Certificate Injection

The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones.

Action-Not Available
Vendor-StrongDM
Product-sdm
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-6181
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
ShareView Details
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
CVSS Score-8.5||HIGH
EPSS-0.03% / 4.92%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 16:43
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The StrongDM Windows service incorrectly handled input validation. Authenticated attackers could potentially exploit this leading to privilege escalation.

Action-Not Available
Vendor-StrongDM
Product-sdm-cli
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6180
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
ShareView Details
Assigner-ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b
CVSS Score-8.5||HIGH
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 16:41
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Hijack

The StrongDM Client insufficiently protected a pre-authentication token. Attackers could exploit this to intercept and reuse the token, potentially redeeming valid authentication credentials through a race condition.

Action-Not Available
Vendor-StrongDM
Product-sdm-cli
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information