Client-Side Denial of Service Condition in SWS Extension prior to...

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y

Description

Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.

Basic Information

ID CVE-2025-13762

Source GovTech CSG

Published Nov 27, 2025 at 02:50

Affected Product

Vendor CyberArk

Product CyberArk Secure Web Sessions Extension

Affected Versions CyberArk CyberArk Secure Web Sessions Extension 0

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.",
    "published": "2025-11-27T02:50:03.874Z",
    "modified": "2025-11-27T02:50:03.874Z",
    "type": "cve",
    "title": "Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305",
    "source": "GovTech CSG",
    "references": "https://chromewebstore.google.com/detail/cyberark-secure-web-sessi/ohfinlfcbaehgokpmkjcmkgdcbgamgln?hl=en\nhttps://microsoftedge.microsoft.com/addons/detail/cyberark-secure-web-sessi/gmfjibhpaliafbemoifjjdkmgaknhohb?hl=en-US",
    "id": "CVE-2025-13762",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "CyberArk CyberArk Secure Web Sessions Extension 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/AU:Y",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CyberArk Secure Web Sessions Extension",
    "version": "0",
    "vendor": "CyberArk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305_CVE-2025-13762