Vulnerability in Fortra Core Privileged Access Manager (BoKS)

CVE-2025-13532

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms.  This issue affects BoKS Server Agent 9.0 instances that support yescrypt and a…

EPSS: 0.000 (1.0th percentile).

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

  • Fortra Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are Debian 11, 12, 13; Red Hat 9, 10; and Ubuntu 24.

Frequently asked questions

What is CVE-2025-13532?

CVE-2025-13532 is a medium-severity vulnerability in Fortra Core Privileged Access Manager (BoKS), classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 6.2/10. Published 2025-12-16.

How severe is CVE-2025-13532?

Medium severity. CVSS v3 base score is 6.2 out of 10.