Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305

CVE ID

CVE-2025-13762

Description

An Improper Input Validation vulnerability in the CyberArk Secure Web Sessions Extension on Chrome and Edge may lead to Denial of Service when trying to start new SWS sessions. This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.

Tested Versions

CyberArk Secure Web Sessions Extension 2.2.30305 (prod)

Details

CyberArk Secure Web Sessions Extension is a Chrome/Edge browser extension used for launching secure web sessions with CyberArk SWS. It was discovered that the extension did not perform sufficient input validation, allowing malicious extensions to interact with it and cause a denial of service when launching new secure web sessions.
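
The advisory does not name the channel the other extensions used. The following is an added example, not CyberArk's code and not taken from the advisory, of the kind of input validation described above, assuming the standard cross-extension channel `chrome.runtime.onMessageExternal`. The sender ID, message types and field rules are hypothetical.

```javascript
// Added example: validation gate for messages arriving from other extensions.
// The sender ID, message types and field rules are hypothetical placeholders.
const ALLOWED_SENDERS = new Set(["abcdefghijklmnopabcdefghijklmnop"]); // constructed ID
const MAX_MESSAGE_CHARS = 4096;
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function isHttpsUrl(value) {
  try {
    return typeof value === "string" && new URL(value).protocol === "https:";
  } catch {
    return false;
  }
}

// Per-type schema: every listed field is required, nothing else is allowed.
const MESSAGE_SCHEMA = {
  ping: {},
  startSession: { url: isHttpsUrl },
};

function validateExternalMessage(sender, message) {
  if (!sender || !ALLOWED_SENDERS.has(sender.id)) return { ok: false, reason: "sender" };
  if (message === null || typeof message !== "object" || Array.isArray(message)) {
    return { ok: false, reason: "shape" };
  }
  let size;
  try {
    size = JSON.stringify(message).length;
  } catch {
    return { ok: false, reason: "shape" };
  }
  if (size > MAX_MESSAGE_CHARS) return { ok: false, reason: "size" };
  if (typeof message.type !== "string" || !own(MESSAGE_SCHEMA, message.type)) {
    return { ok: false, reason: "type" };
  }
  const rules = MESSAGE_SCHEMA[message.type];
  const extra = Object.keys(message).filter((k) => k !== "type" && !own(rules, k));
  const valid = Object.keys(rules).every((k) => rules[k](message[k]));
  return extra.length === 0 && valid ? { ok: true } : { ok: false, reason: "fields" };
}

// Register only inside an extension; rejected input is dropped before any state changes.
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener((message, sender, sendResponse) => {
    const verdict = validateExternalMessage(sender, message);
    if (!verdict.ok) return; // no reply, no session state touched
    sendResponse({ accepted: message.type });
  });
}
```

Declaring `externally_connectable.ids` in the manifest narrows which extensions the browser lets through in the first place; the in-code check then covers the content of what an allowed sender delivers.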

Timeline

  • 2025-05-13 - Vendor Disclosure

Credit

Discovered by:

Benjamen Lim Goh Jing Loon Sean Seah Tan Inn Fung Zhang Bosen