Executive Summary
A vulnerability was reported to Netwrix, affecting the post-login redirection behaviour of Netwrix Access Analyzer and the associated Access Information Center addon. Exploiting this vulnerability would allow a successful phishing attack to redirect a user to an untrusted URL.
Acknowledgements
We thank Tomasz Wasiak from PFR Operacje for his coordinated disclosure of this vulnerability and his effort and partnership in improving the security of our products.
Vulnerability
Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
---|---|---|---|---|---|
URL Redirection to Untrusted Site (CVE-2025-32362) | Netwrix Access Analyzer | <= 12.0.0.1070, <= 11.6.0.142, <= 11.5.0.279 | 5.1 | 6.1 / 5.5 | An attacker can redirect a user to an untrusted domain via a successful phishing attack. |
URL Redirection to Untrusted Site (CVE-2025-32362) | Netwrix Access Information Center | <= 12.0.0.50, <= 11.6.0.40, <= 11.5.0.138 | 5.1 | 6.1 / 5.5 | An attacker can redirect a user to an untrusted domain via a successful phishing attack. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
Title | Publicly known? | Exploit available? | Actively exploited? |
---|---|---|---|
URL Redirection to Untrusted Site (CVE-2025-32362) | Yes | Yes | No |
Solution
All Netwrix Access Analyzer customers are advised to update affected versions (see Official Fixes table below) of Netwrix Access Analyzer and Netwrix Access Information Center as soon as possible by following the instructions referenced in the Netwrix Access Analyzer Upgrade Documentation and Netwrix Access Information Center Upgrade Documentation.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for all listed vulnerabilities as indicated in the table below.
Product | Release Version |
---|---|
Netwrix Access Analyzer v12.0 | 12.0.0.1071 |
Netwrix Access Analyzer v11.6 | 11.6.0.143 |
Netwrix Access Analyzer v11.5 | 11.5.0.280 |
Netwrix Access Information Center v12.0 | 12.0.0.51 |
Netwrix Access Information Center v11.6 | 11.6.0.41 |
Netwrix Access Information Center v11.5 | 11.5.0.139 |
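For teams checking several installations against the tables above, the following is an added example (not Netwrix code) that compares an installed four-part build number with the fixed build for its release branch. The host names and inventory rows are constructed, and treating a product or branch that is absent from the Official Fixes table as "unlisted" for manual review is an assumption of this example.

```python
# Fixed builds from the advisory's Official Fixes table, by (product, branch).
FIXED = {
    ("Netwrix Access Analyzer", (12, 0)): (12, 0, 0, 1071),
    ("Netwrix Access Analyzer", (11, 6)): (11, 6, 0, 143),
    ("Netwrix Access Analyzer", (11, 5)): (11, 5, 0, 280),
    ("Netwrix Access Information Center", (12, 0)): (12, 0, 0, 51),
    ("Netwrix Access Information Center", (11, 6)): (11, 6, 0, 41),
    ("Netwrix Access Information Center", (11, 5)): (11, 5, 0, 139),
}

def parse_version(text):
    """Turn '12.0.0.1070' into (12, 0, 0, 1070); reject other shapes."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part build number: {text!r}")
    return tuple(int(p) for p in parts)

def triage(product, installed):
    """Return (status, build_to_upgrade_to_or_None) for one installation."""
    version = parse_version(installed)
    fixed = FIXED.get((product, version[:2]))
    if fixed is None:
        # Assumption: anything missing from the fix table goes to manual review.
        return ("unlisted", None)
    if version < fixed:
        return ("affected", ".".join(map(str, fixed)))
    return ("fixed", None)

def report(inventory):
    rows = []
    for host, product, installed in inventory:
        try:
            status, target = triage(product, installed)
        except ValueError:
            status, target = "unparseable", None
        rows.append((host, status, target))
    return rows

# Constructed inventory for illustration; host names are hypothetical.
INVENTORY = [
    ("aa-prod-01", "Netwrix Access Analyzer", "12.0.0.1070"),
    ("aa-prod-02", "Netwrix Access Analyzer", "11.6.0.143"),
    ("aic-prod-01", "Netwrix Access Information Center", "11.5.0.138"),
    ("aic-lab-01", "Netwrix Access Information Center", "12.0"),
]

if __name__ == "__main__":
    for host, status, target in report(INVENTORY):
        print(f"{host:12} {status:12} {target or '-'}")
```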
FAQ
- How do I determine which version of Netwrix Access Analyzer is in use?
  Please refer to this knowledge base article which shows how the version information can be viewed from the Help > About page.
- How do I determine which version of Netwrix Access Information Center is in use?
  Please refer to this knowledge base article which shows how the version information can be seen on the Diagnostics Configuration page.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
Revision | Date | Description |
---|---|---|
1 | Invalid date | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.