Cyberark Endpoint Privilege Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Cyberark Endpoint Privilege Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-13052 — CVSS 9.8 (critical): In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that…
CVE-2025-66374 — CVSS 7.8 (high): CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of…
CVE-2018-14894 — CVSS 7.8 (high): CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass…
CVE-2021-44049 — CVSS 7.8 (high): CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan…
CVE-2019-9627 — CVSS 7.0 (high): A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an…
CVE-2020-25738 — CVSS 5.5 (medium): CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL…
CVE-2018-12903 — CVSS 5.4 (medium): In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token…