CVE-2025-7371

July 22, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-7371
Type cve
Published 2025-07-22T15:49:06.579Z
Modified 2025-07-22T15:54:09.005Z

Product Information

Vendor Okta
Product Okta On-Premises Provisioning Agent
Version 2.2.1

CVSS Information

Base Score 6.8 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Affected Products

  • Okta Okta On-Premises Provisioning Agent 2.2.1

Additional Information

CWE List CWE-532
Source Okta

Description

Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions >=2.2.1 and <= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.