BeyondMachines
@beyondmachines1@infosec.exchange

Researchers report critical flaws in CyberArk vaults

Security researchers discovered multiple vulnerabilities in CyberArk vaults dubbed "VaultFault", including two critical flaws that enable pre-authentication remote code execution through malformed regular expressions, potentially allowing complete system compromise.

If you use CyberArk Conjur or Secrets Manager, immediately update to the latest patched versions released after June 19, 2025, as attackers can completely bypass authentication and take control of your systems. If you can't patch immediately, restrict network access to these systems using firewalls or private networks to limit exposure until you can update.
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/researchers-report-critical-flaws-in-hashicorp-vault-and-cyberark-conjur-s-r-e-a-z/gD2P6Ple2L