Executive Summary
A vulnerability was identified in Netwrix Privilege Secure which may expose the password of the Netwrix Privilege Secure Active Directory service account to third-party systems that monitor processes on the domain controller. This may allow an attacker to gain unauthorized access to the Active Directory via the service account credentials.
While Netwrix is unaware of any current exploitation of this vulnerability, all Netwrix Privilege Secure customers are advised to apply the available update immediately.
Acknowledgements
We thank Tomasz Wasiak from PFR Operacje for his coordinated disclosure of this vulnerability and his effort and partnership in improving the security of our products.
Vulnerability
| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Exposure of Sensitive Information to an Unauthorized Actor (CVE-2025-54398) | Netwrix Privilege Secure | >=1.0.0.0 <25.09.30002 | 7.1 | 7.9 / 6.9 | When executing the “Run AD Replication for User” or “Run Replication” pre-session (grant) actions Netwrix Privilege Secure specifies the Active Directory service account password as a plaintext argument to the action component. During execution of the action component, its command line arguments including the password may be visible to users in third-party systems, such as Endpoint Detection and Response, that monitor processes on the domain controller. This may allow an attacker to gain unauthorized access to the Active Directory via the service account credentials. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Exposure of Sensitive Information to an Unauthorized Actor | No | No | No |
Solution
All Netwrix Privilege Secure customers are advised to update Netwrix Privilege Secure to version 25.09.30002 or later as soon as possible.
Instructions for the Netwrix Privilege Secure upgrade process can be found in this help center article.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.
| Title | Version |
|---|---|
| Exposure of Sensitive Information to an Unauthorized Actor | 25.09.30002 |
FAQ
-
How do I determine the current version of Netwrix Privilege Secure?
The version can be found at the bottom of every Netwrix Privilege Secure page.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
| Revision | Date | Description |
|---|---|---|
| 3 | 2025-10-13T14:00:00Z | Added acknowledgements |
| 2 | 2025-10-07T14:00:00Z | Added CVE ID |
| 1 | 2025-10-07T12:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.