Platform: windows
Component: sdm
Fixed in: 47.49.1
CVE-2025-6182 is a vulnerability affecting the StrongDM Windows service, specifically related to its handling of system certificate management. Successful exploitation could allow attackers to manipulate the system's trust store by installing malicious root certificates or removing legitimate ones. This impacts versions 0.0 through 47.49.0 of the StrongDM Windows service, and a fix is available in version 47.49.1.
The core of this vulnerability lies in the StrongDM Windows service's improper handling of certificate communication. An attacker exploiting this flaw could inject malicious root certificates into the system's trust store, effectively allowing them to intercept and decrypt sensitive traffic. Conversely, they could remove existing trusted certificates, disrupting legitimate communication and potentially causing system instability. The blast radius extends to any system relying on StrongDM for secure access and certificate management, as compromised certificates undermine the entire trust chain. This could lead to data breaches, unauthorized access to resources, and complete system takeover.
CVE-2025-6182 was publicly disclosed on 2025-08-20. As of this date, no public proof-of-concept exploits are known. The vulnerability is not currently listed on the CISA KEV catalog. The probability of exploitation is currently assessed as low, but proactive patching is strongly recommended due to the potential for severe impact.
Organizations heavily reliant on StrongDM for secure access and certificate management are particularly at risk. This includes environments utilizing StrongDM for VPN access, SSH tunneling, or other secure communication channels. Legacy StrongDM deployments with outdated configurations and inadequate monitoring are also more vulnerable.
• windows / supply-chain:
Get-Service StrongDM | Select-Object Status, StartType
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000 } | Where-Object { $_.Message -match 'StrongDM' } | Select-Object -First 100
• windows / supply-chain:
Get-ItemProperty 'HKLM:\SOFTWARE\StrongDM' -Name Version
Exploit status
EPSS
0.01% (3% percentile)
CISA SSVC
The primary mitigation for CVE-2025-6182 is to immediately upgrade the StrongDM Windows service to version 47.49.1 or later. If an immediate upgrade is not feasible due to compatibility concerns or testing requirements, consider implementing stricter certificate revocation checking policies within your environment. Monitor StrongDM logs for any unusual certificate installation or removal events. While a WAF or proxy cannot directly mitigate this vulnerability, they can provide an additional layer of defense by inspecting certificate chains and blocking suspicious connections. After upgrading, confirm the fix by verifying the certificate store and ensuring no unauthorized certificates are present.
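One way to carry out the certificate store verification mentioned above is to baseline the machine's Trusted Root store and diff it on later runs. This is an added example, not StrongDM's own tooling; the baseline path and the function names are assumptions.

```powershell
# Added example: baseline and diff the machine Trusted Root store.
param(
    # Hypothetical baseline location; keep it somewhere non-admins cannot write.
    [string]$BaselinePath = 'C:\ProgramData\RootStoreBaseline.csv'
)

function Get-RootStoreSnapshot {
    # One row per certificate currently trusted as a machine root.
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Select-Object Thumbprint, Subject, Issuer, NotBefore, NotAfter |
        Sort-Object Thumbprint
}

function Compare-RootStore {
    param([object[]]$Baseline, [object[]]$Current)
    # Index both sides by thumbprint so added and removed roots are both reported.
    $base = @{}; foreach ($b in $Baseline) { $base[$b.Thumbprint] = $b }
    $cur  = @{}; foreach ($c in $Current)  { $cur[$c.Thumbprint]  = $c }
    foreach ($c in $Current) {
        if (-not $base.ContainsKey($c.Thumbprint)) {
            [pscustomobject]@{ Change = 'Added'; Thumbprint = $c.Thumbprint; Subject = $c.Subject }
        }
    }
    foreach ($b in $Baseline) {
        if (-not $cur.ContainsKey($b.Thumbprint)) {
            [pscustomobject]@{ Change = 'Removed'; Thumbprint = $b.Thumbprint; Subject = $b.Subject }
        }
    }
}

$current = @(Get-RootStoreSnapshot)
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the baseline. Review it by hand before relying on it.
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    Write-Output "Baseline written with $($current.Count) root certificates."
    return
}

$baseline = @(Import-Csv -LiteralPath $BaselinePath)
$changes  = @(Compare-RootStore -Baseline $baseline -Current $current)
if ($changes.Count -eq 0) {
    Write-Output 'Root store matches the baseline.'
} else {
    $changes | Sort-Object Change, Subject | Format-Table -AutoSize
}
```

Windows can add roots on its own through automatic root certificate updates, so treat an "Added" row as something to review against your expected roots rather than as proof of tampering.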
Update the StrongDM service to the latest available version. The new version fixes the incorrect handling of system certificates, preventing the injection of untrusted root certificates or the removal of trusted ones. See the StrongDM website for the latest version and update instructions.
CVE-2025-6182 is a vulnerability in the StrongDM Windows service that allows attackers to install untrusted root certificates or remove trusted ones, potentially compromising system trust.
You are affected if you are running StrongDM Windows service versions 0.0 through 47.49.0.
Upgrade the StrongDM Windows service to version 47.49.1 or later. Consider stricter CRL checks and monitoring as an interim measure.
There are currently no publicly available proof-of-concept exploits, but the potential for certificate manipulation suggests a risk of exploitation.
Refer to the StrongDM security advisory published on their official website (check StrongDM's security announcements page).