July '25 Release (v25.08.04003)

Products Privilege Secure News
, , ,
1

NPS July 25_v2
NPS July 25_v21000×600 113 KB

Netwrix is pleased to announce the general availability of Netwrix Privilege Secure July ‘25 Release (v25.08.04003) .

Download Netwrix Privilege Secure July ‘25 Release here!

Heads Up: Netwrix Privilege Secure Version Numbering Has Changed!

We’re excited to announce a new release—now using our brand new version numbering! Instead of 4.x, you’ll see versions like v25.05 or v25.06.
Curious why? Check out our version numbering change announcement

Netwrix Privilege Secure July ‘25 Release (v25.08.04003) is Now Live!

The documentation for Privilege Secure July ‘25 release (v25.08.04003) is in progress and will be available at a later date. Please see the following ‘What’s New’ section for new features, bug fix lists, and other information about this release.

What’s New

Features

Command Restrictions for SSH

Specific commands can be restricted during SSH sessions using regular expressions. The system evaluates commands in order from top to bottom, applying the first matching rule. Available actions include logging the command, blocking it, locking the session, or terminating the session. Custom lock messages can be configured per command when using the lock action. Email notifications can be sent to Privilege Secure administrators whenever a restricted command is triggered. Restrictions are configured in the new Command Restrictions section within the Policy tab.

Command Restrictions for SSH (2)
Command Restrictions for SSH (2)668×448 55.3 KB

Command Restrictions for SSH-2
Command Restrictions for SSH-2510×294 71.8 KB

Expire Idle Users

Users who have not logged in to Privilege Secure for a configurable number of days can now be automatically disabled. Disabled users do not consume a license credit. Admins and Application users are exempt from this policy. The idle timeout can be set to a specific number of days or turned off entirely. This setting is available in Global Settings under the Configuration tab and is disabled by default.

Expire Idle Users
Expire Idle Users720×462 59.8 KB

Bring your own vault® (BYOV) for Password Secure

Netwrix Privilege Secure now integrates with Netwrix Password Secure to enable centralized, secure management of privileged credentials. This allows organizations to perform actions as specific users using credentials stored and managed in Password Secure, without exposing or manually handling those credentials. The integration streamlines privileged access workflows across both platforms, enhancing security and operational efficiency.

Bring your own vault
Bring your own vault1387×537 30.2 KB

Other Changes

  • Added tool tips for Dashboard tiles to show exact numbers on hover
  • Added “Run-ADSyncForDomainAndObject” as a new action step

Bug Fixes and Miscellaneous Updates

This list includes the most significant fixes in this release; numerous minor bugs have also been addressed.

ID Decription
373712 Browser Extension: Resolved “Clear Website Data Before Start” not targeting cached admin.microsoft.com data
381101 Resolved an issue preventing Task Automation sessions from ending
384101 Stopped High Availability configuration tool from generating numerous pg_hba.conf.old files
391963 Resolved an issue that could cause discrepancies in SIEM event times
391964 Prevented incorrect password changes in certain multi-activity scenarios
392764 Prevented Content Security Policy from breaking the Secure Remote Access portal UI
394009 Non-Default Connection Profiles are now updated to record keystrokes if session recording was already enabled when upgrading
394452 Resolved situation that could prevent Secure Remote Access portal sessions from connecting
394483 Prevented host scan from marking computers as “WinRM Disabled” if it cannot find a host online during subsequent host scans
395827 Resolved Cisco OS detection for Linux causing an issue with certain Cisco devices
396697 Resolved copy/paste not always functioning during Secure Remote Access sessions

Plan your upgrade

Netwrix Privilege Secure 4.1 will reach its end of support life on November 30, 2025. To learn more, please read the Netwrix End-of-Support Policy.

Need help with this update?

There are many different ways to get help with our products!

Situation Action
If you feel the product is broken and not working as intended… Contact Support
If you have a question you’d like to ask other experts… Create a discussion in the community: Privilege Secure > Discussions & Questions
If you have a feature request… Let our product team know directly: Privilege Secure > Ideas
If you have something cool to show… Show everyone what you built: Privilege Secure > Show & Tell

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!

4 Likes
2

For more details on how to integrate and configure Netwrix Privilege Secure with Password Secure, please see our integration guide here:

Bring your own vault® (BYOV) for Password Secure

The July ‘25 release of Netwrix Privilege Secure (v25.08.04003) introduces this new integration, allowing organizations to centrally manage privileged credentials and perform actions as specific users, all while keeping credentials secure in Password Secure.

1 Like
3

The idle user disable is pretty cool. My follow-up question would be when they try to login does it immediately reactivate them if there is a license available?

4

Hi Andrew,

If the expired user is a member of a group with NPS access, then even once expired (disabled) they’ll be able to log back in without any admin intervention as long as there’s a license credit available.

However, if a user has access to NPS via direct permissions, and not through a group, then once that user is expired (disabled) an NPS admin will need to re-enable them in order for them to be able to log-in again (and again, there needs to be an available license credit).

Hope this helps!

5

2 more questions.

1. How do we tell if they’re disabled when looking in the portal?

2. Can you set multiple different expirations based on user group? If not can we possibly have that added to the road map? I have a few distinct use cases it’d be helpful.

6

Hello,

Could you please describe more about this Restricted SSH Commands feature? We would like to test it, but we don’t know on which level we can apply this restriction. Is it just a global settings or per activity / per resource?

7

Hi Adam,

You can create as many SSH Command Restriction plans as you’d like, with as many commands in each plan as you’d like.

A single plan can be applied to each Connection Profile, so depending on how you use Connection Profiles with Access Policies, you can absolutely target specific activities and/or resources.

Hope that helps! :grinning_face_with_smiling_eyes: