CVE-2025-13532

MEDIUM

Fortra's Core Privileged Access Manager - Info Disclosure


Description

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

Scores

CVSS v3 6.2
EPSS 0.0001
EPSS Percentile 1.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-916
Status published
Products (1)
Fortra/Core Privileged Access Manager (BoKS) This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8
Published Dec 16, 2025
Tracked Since Feb 18, 2026