CVE-2025-13762 | THREATINT

Description

Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.

PUBLISHED Reserved 2025-11-27 | Published 2025-11-27 | Updated 2025-11-27 | Assigner GovTech CSG

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

Any version before 2.2.30305

affected

Credits

Benjamen Lim finder

Goh Jing Loon finder

Sean Seah finder

Tan Inn Fung finder

Zhang Bosen finder

References

chromewebstore.google.com/...cbaehgokpmkjcmkgdcbgamgln?hl=en

microsoftedge.microsoft.com/...fbemoifjjdkmgaknhohb?hl=en-US

cve.org (CVE-2025-13762)

nvd.nist.gov (CVE-2025-13762)

Download JSON