{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13762", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2025-11-27T02:49:11.941Z", "datePublished": "2025-11-27T02:50:03.874Z", "dateUpdated": "2025-12-03T16:25:21.056Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Chrome", "Edge"], "product": "CyberArk Secure Web Sessions Extension", "vendor": "CyberArk", "versions": [{"lessThan": "2.2.30305", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Benjamen Lim"}, {"lang": "en", "type": "finder", "value": "Goh Jing Loon"}, {"lang": "en", "type": "finder", "value": "Sean Seah"}, {"lang": "en", "type": "finder", "value": "Tan Inn Fung"}, {"lang": "en", "type": "finder", "value": "Zhang Bosen"}], "datePublic": "2025-11-27T02:49:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.<p>This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.</p>"}], "value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305."}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "exploitMaturity": "ATTACKED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-11-27T06:03:49.612Z"}, "references": [{"url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"}, {"url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update SWS extension to v2.2.30305 or newer</span>\n\n<br>"}], "value": "Update SWS extension to v2.2.30305 or newer"}], "source": {"discovery": "INTERNAL"}, "title": "Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-03T16:25:14.720836Z", "id": "CVE-2025-13762", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T16:25:21.056Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-03T16:25:14.720836Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-03T16:25:18.196Z"}}], "cna": {"title": "Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Benjamen Lim"}, {"lang": "en", "type": "finder", "value": "Goh Jing Loon"}, {"lang": "en", "type": "finder", "value": "Sean Seah"}, {"lang": "en", "type": "finder", "value": "Tan Inn Fung"}, {"lang": "en", "type": "finder", "value": "Zhang Bosen"}], "impacts": [{"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y", "exploitMaturity": "ATTACKED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CyberArk", "product": "CyberArk Secure Web Sessions Extension", "versions": [{"status": "affected", "version": "0", "lessThan": "2.2.30305", "versionType": "custom"}], "platforms": ["Chrome", "Edge"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update SWS extension to v2.2.30305 or newer", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update SWS extension to v2.2.30305 or newer</span>\n\n<br>", "base64": false}]}], "datePublic": "2025-11-27T02:49:00.000Z", "references": [{"url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"}, {"url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.", "supportingMedia": [{"type": "text/html", "value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.<p>This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-11-27T06:03:49.612Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13762", "state": "PUBLISHED", "dateUpdated": "2025-12-03T16:25:21.056Z", "dateReserved": "2025-11-27T02:49:11.941Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2025-11-27T02:50:03.874Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305."}], "id": "CVE-2025-13762", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "ATTACKED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2025-11-27T03:15:58.613", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en"}, {"source": "cve_disclosure@tech.gov.sg", "url": "https://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"created": "2025-11-27T16:26:40.697335+00:00", "updated": "2025-11-27T16:26:40.698178+00:00", "vendors": ["cyberark", "cyberark$PRODUCT$secure_web_sessions_extension"]}