Security Vulnerability Report
CVE-2025-13532 CVSS 6.2 MEDIUM

CVE-2025-13532

Published: 2025-12-16 20:15:47
Last Modified: 2026-04-15 00:35:42
Source: df4dee71-de3a-4139-9588-11b62fe6c0ff

Description

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.

CVSS Details

CVSS Score
6.2
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

BoKS Server Agent 9.0 (with yescrypt support, running in BoKS 8.1 domain)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-13532 PoC - Password Hash Extraction and Analysis
# This PoC demonstrates extracting weak password hashes from vulnerable BoKS installations
# (conceptual demonstration only: nothing here contacts a BoKS host; all output is simulated)


def simulate_weak_hash_extraction():
    """
    Simulate extraction of weak password hashes from a vulnerable BoKS configuration.
    Note: This is a conceptual demonstration only.
    """
    print("[*] CVE-2025-13532 - Weak Password Hash Vulnerability PoC")
    print("[*] Target: Fortra BoKS Server Agent 9.0 on BoKS 8.1 domain\n")

    # Simulated weak hash detection
    weak_hash_algorithms = ['MD5', 'SHA1', 'DES-based']
    print("[+] Checking hash algorithm configuration...")
    print("[*] Domain version: 8.1")
    print("[*] Server Agent version: 9.0")
    print("[*] Yescrypt support: ENABLED")
    print("[-] Incompatibility detected - falling back to weak hash algorithm")
    print(f"[*] Weak algorithms considered: {', '.join(weak_hash_algorithms)}")

    # Simulated hash extraction (constructed sample values, not real credentials)
    sample_hashes = [
        ('admin', '5f4dcc3b5aa765d61d8327deb882cf99'),     # MD5 example
        ('operator', '5baa61e4c9b93f3f0682250b6cf8331b'),  # SHA1 example
    ]
    print("\n[+] Extracted password hashes:")
    for user, hash_val in sample_hashes:
        print(f"    {user}:{hash_val}")

    print("\n[!] WARNING: Hashes use weak algorithms vulnerable to GPU acceleration")
    print("[*] Recommended action: Upgrade to compatible version or patch configuration")


if __name__ == "__main__":
    simulate_weak_hash_extraction()
```

References

https://www.fortra.com/security/advisories/product-security/fi-2025-014 (Fortra advisory FI-2025-014, as listed in the source record below)
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-13532",
    "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
    "published": "2025-12-16T20:15:47.467",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms.  This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.5,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-916"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.fortra.com/security/advisories/product-security/fi-2025-014",
        "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff"
      }
    ]
  }
}
```