CVE-2025-22956
OPSI · OPSI
A privilege escalation vulnerability in OPSI before 4.3 allows any client to retrieve ProductPropertyState data belonging to other clients, potentially exposing sensitive secrets.
Executive summary
A critical privilege escalation flaw in OPSI versions prior to 4.3 allows unauthorized clients to access sensitive data, including secrets belonging to other systems.
Vulnerability
The vulnerability exists in the handling of ProductPropertyState, allowing any client to retrieve data belonging to other clients. If these states contain sensitive information or secrets, this leads to unauthorized information disclosure and privilege escalation.
Business impact
With a CVSS score of 9.8, this vulnerability allows for lateral movement and the theft of sensitive configuration data or credentials stored within the OPSI environment. Successful exploitation could lead to full compromise of the managed client fleet, resulting in significant security and operational risks.
Remediation
Immediate Action: Upgrade all OPSI installations to version 4.3 or the latest available release provided by the vendor.
Proactive Monitoring: Audit OPSI logs for unusual requests or access patterns where one client attempts to query or retrieve data associated with other managed assets.
Compensating Controls: Implement strict network segmentation and access controls to limit the exposure of the OPSI management server to untrusted clients.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the potential for wide-scale credential theft across managed endpoints, this update should be prioritized. Organizations must ensure that OPSI environments are patched to the 4.3 release to resolve this fundamental security flaw.