{"id":"CVE-2025-49828","summary":"Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution","details":"Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secrets or templates into the Secrets Manager, Self-Hosted database could take advantage of an exposed API endpoint to execute arbitrary Ruby code within the Secrets Manager process. This issue affects both Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur OSS. Conjur OSS version 1.21.2 and Secrets Manager, Self-Hosted version 13.5 fix the issue.","aliases":["GHSA-93hx-v9pv-qrm4"],"modified":"2026-04-10T05:29:39.697886Z","published":"2025-07-15T19:35:33.147Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49828.json","cwe_ids":["CWE-1336"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/07/16/7"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/08/08/1"},{"type":"WEB","url":"https://github.com/cyberark/conjur/releases/tag/v1.21.2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49828.json"},{"type":"ADVISORY","url":"https://github.com/cyberark/conjur/security/advisories/GHSA-93hx-v9pv-qrm4"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49828"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cyberark/conjur","events":[{"introduced":"0"},{"fixed":"4a4fd0ef5777f206dc773e504e6d17e8fa28f00a"}],"database_specific":{"versions":[{"introduced":"1.20.1"},{"fixed":"1.21.2"}]}}],"versions":["1.2.0","delete","v0.2.0","v0.3.0","v0.6.0","v0.7.0","v0.8.0","v0.8.1","v0.9.0","v1.0.0
","v1.0.1","v1.1.0","v1.1.1","v1.1.2","v1.10.0","v1.11.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.11.5","v1.11.6","v1.11.7","v1.12.0","v1.13.0","v1.13.1","v1.14.0","v1.14.1","v1.14.2","v1.15.0","v1.16.0-2224","v1.16.0-2233","v1.16.0-2238","v1.16.0-2258","v1.16.0-2264","v1.16.0-2265","v1.16.0-2266","v1.16.0-2271","v1.16.0-2280","v1.16.0-2281","v1.16.0-2286","v1.17.0-2299","v1.17.1-2301","v1.17.1-2305","v1.17.1-2306","v1.17.1-2307","v1.17.1-2312","v1.17.1-2314","v1.17.2-2321","v1.17.2-2323","v1.17.2-2324","v1.17.2-2330","v1.17.2-2341","v1.17.2-2371","v1.17.2-2380","v1.17.2-2401","v1.17.2-2408","v1.17.2-2468","v1.17.2-2477","v1.17.3","v1.17.3-2478","v1.17.3-2484","v1.17.3-2498","v1.17.4-2500","v1.17.5-2503","v1.17.5-2515","v1.17.5-2521","v1.17.6","v1.17.6-2525","v1.17.6-2555","v1.17.6-2562","v1.17.6-2571","v1.17.6-2585","v1.17.7","v1.17.7-2648","v1.17.7-2653","v1.17.7-2670","v1.17.7-2695","v1.17.7-2705","v1.17.7-2710","v1.17.7-2766","v1.17.7-2782","v1.17.7-2785","v1.17.8-2829","v1.18.0","v1.18.0-2834","v1.18.0-2837","v1.18.0-2845","v1.18.0-2856","v1.18.0-2864","v1.18.0-2871","v1.18.0-2891","v1.18.0-2893","v1.18.0-2902","v1.18.1","v1.18.1-2924","v1.18.1-2928","v1.18.1-2953","v1.18.1-2957","v1.18.1-2961","v1.18.1-2963","v1.18.1-2969","v1.18.2","v1.18.2-3025","v1.18.2-3030","v1.18.3","v1.18.3-3057","v1.18.4","v1.18.4-3067","v1.18.5-3122","v1.18.5-3123","v1.18.5-3165","v1.18.5-3170","v1.18.5-3183","v1.18.5-3187","v1.19.0","v1.19.0-3227","v1.19.0-3228","v1.19.0-3239","v1.19.0-3243","v1.19.0-3276","v1.19.0-3290","v1.19.0-3292","v1.19.0-3294","v1.19.1","v1.19.1-3316","v1.19.1-3320","v1.19.1-3325","v1.19.1-3334","v1.19.1-3355","v1.19.1-3387","v1.19.1-3394","v1.19.1-3398","v1.19.2","v1.19.2-3426","v1.19.2-3431","v1.19.3","v1.19.3-3458","v1.19.3-3474","v1.19.3-3475","v1.19.3-3483","v1.19.3-3494","v1.19.3-3517","v1.19.3-3518","v1.19.3-3528","v1.19.3-3529","v1.19.3-3568","v1.19.3-3584","v1.19.3-3597","v1.19.3-3602","v1.19.3-3603","v1.19.3-3606","v1.19.3-3614","v1.19.3-3615","v
1.19.3-3619","v1.19.3-3622","v1.19.3-3632","v1.19.3-3638","v1.19.3-3645","v1.19.3-3646","v1.19.3-3648","v1.19.3-3651","v1.19.3-3676","v1.19.3-3685","v1.19.3-3690","v1.19.4-3759","v1.19.4-3763","v1.19.5","v1.19.5-3765","v1.19.5-3796","v1.19.5-3797","v1.19.5-3798","v1.19.5-3859","v1.19.5-3864","v1.19.5-3900","v1.19.5-3903","v1.19.5-3905","v1.19.5-3906","v1.19.5-3911","v1.19.5-3915","v1.19.6-3948","v1.19.6-3949","v1.19.6-3954","v1.19.6-3955","v1.19.6-3960","v1.19.6-3961","v1.19.6-3968","v1.19.6-3969","v1.19.6-3974","v1.19.6-3979","v1.19.6-3984","v1.19.6-3985","v1.19.6-3989","v1.19.6-3990","v1.19.6-3994","v1.19.6-3999","v1.19.6-4000","v1.19.6-4003","v1.19.6-4004","v1.19.6-4016","v1.19.6-4019","v1.19.6-4023","v1.19.6-4027","v1.19.6-4037","v1.19.6-4038","v1.19.6-4040","v1.19.6-4041","v1.19.6-4045","v1.19.6-4046","v1.19.6-4050","v1.19.6-4056","v1.19.6-4060","v1.19.6-4061","v1.19.6-4065","v1.19.6-4066","v1.2.0","v1.20.0","v1.20.0-4069","v1.20.0-4071","v1.20.0-4072","v1.20.0-4076","v1.20.0-4077","v1.20.0-4083","v1.20.0-4088","v1.20.0-4095","v1.20.0-4104","v1.20.0-4105","v1.20.0-4107","v1.20.0-4115","v1.20.0-4125","v1.20.0-4126","v1.20.0-4127","v1.20.0-4131","v1.20.0-4132","v1.20.0-4153","v1.20.0-4157","v1.20.0-4161","v1.20.0-4164","v1.20.0-4177","v1.20.0-4180","v1.20.0-4183","v1.20.0-4187","v1.20.0-4191","v1.20.0-4198","v1.20.0-4212","v1.20.0-4214","v1.20.0-4218","v1.20.0-4219","v1.20.0-4222","v1.20.0-4223","v1.20.0-4224","v1.20.0-4229","v1.20.0-4230","v1.20.0-4231","v1.20.0-4238","v1.20.0-4249","v1.20.0-4250","v1.20.0-4255","v1.20.0-4256","v1.20.0-4262","v1.20.1-4353","v1.20.1-4362","v1.20.1-4368","v1.20.1-4372","v1.20.1-4377","v1.20.1-4378","v1.20.1-4383","v1.20.1-4385","v1.20.1-4395","v1.20.1-4400","v1.20.1-4404","v1.20.1-4405","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.6","v1.4.7","v1.5.0","v1.5.1","v1.6.0","v1.7.0","v1.7.1","v1.7.2","v1.7.3"],"database_specific":{"unresolved_ranges":[{"event
s":[{"introduced":"13.1"},{"fixed":"13.5"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49828.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}