Looking for a bug fix list for all versions of Privilege Secure?
All bug fixes will automatically be added here!
25.12 Updates
Patch Version 25.12.2 Released - Privilege Secure
January 29, 2026
The latest Hotfix, version 25.12.2 of Netwrix Privilege Secure, is now available, addressing the issue detailed below.
| ID | Description |
|---|---|
| 411913 | Improved stability when calling built-in PowerShell scripts |
| 412894 | Resolved Active Login and Session Cancelled/Completed not appearing in SIEM events for certain activities |
| 413510 | Added stability to backend Quartz concurrency |
Netwrix Privilege Secure Q4 2025 Release (25.12.1)
December 18, 2025
This list includes the most significant fixes in this release; numerous minor bugs have also been addressed.
Bug Fixes
| ID | Decription |
|---|---|
| 401184 | Secure Remote Access: Copy/paste for text now works as expected |
| 405067 | Sessions now provision as expected when using any of the built-in Replication steps |
| 400511 | Remove from AD Group now works in all expected circumstances |
| 402745 | Unmanaged users no longer disappear from the Credentials tab |
| 402791 | Login Account Template now respected for âCustomâ Requester Login Format |
| 405542 | Service accounts no longer get stuck in âqueuedâ state when rotating passwords in certain scenarios |
| 406000 | Active session reference counts are now accurate; no longer prevent password rotations from occurring or managed accounts from being disabled |
| 403122 | Improved page load speed for domain details |
| 403123 | Improved page load speed for events |
| 403292 | Policy search now works as expected when viewing a user |
| 404013 | User group authentication method now overrides âInternal MFAâ authentication |
| 404211 | Managing individual resources now works as expected for Active Directory for resource groups |
| 404217 | âRotateâ button now works as expected for resource groups |
| 404427 | Passwords can now be viewed as expected within the NPS UI (when allowed by admins) |
| 405051 | Protection Policies now function as expected in all scenarios. |
| 405395 | IIS no longer fails to load when running the installer due to âstalled running jobsâ |
| 405994 | Improved performance of loading credentials from both PostgreSQL and SQL Server databases |
| 407104 | Improved performance for session provisioning and deprovisioning |
| 407930 | Improved performance of various lists throughout the application |
| 408017 | Drives can now be mapped during RDP sessions as expected |
| 408167 | All report filters now respect the specified timeframe |
| 408176 | Proxy now deleted old log files as expected |
| 409290 | Resolved data processing error ânull value in column âHostUsersIdâ of relation âHostDatabaseDbHostUserâ violates not-null constraintâ during Oracle and SQL database scans |
| 409295 | Removed âAssociated Domain Controllerâ and âService Accountâ fields from website resources, as they served no function |
| 409907 | Resolved PDF download failure in Audit & Reporting |
| 410292 | Improved communication performance for service messaging broker |
| 411442 | Resolved replication scheduled task conflict w/ multiple Action Service workers |
| 412361 | Resolved NATS communication issues in service meshes |
Known Issues
| ID | Description |
|---|---|
| 401699 | NPS servers that donât use a trusted certificate need to re-add âInsecureSkipVerifyâ to Host Scan Serviceâs âappsettings.user.jsonâ after upgrading |
| 410722 | Error duplicate key value violates unique constraint "PK_host_user_group_joinâ |
| 410813 | RDP sessions may have issues related to extending sessions, recording keystrokes, and viewing the mouse cursor when both the client and destination are a combination of Windows 11 and Windows Server 2025. |
25.09 Updates
Hotfix Version 25.09.30002 Released for Netwrix Privilege Secure
October 7, 2025
| ID | Description |
|---|---|
| 359286 | Policy list and policy count on Users & Groups > Users > Policies tab now match |
| 400425 | Passwords for managed accounts are now properly rotated (Managed Account sessions, Credential Release, etc.) |
| 400988 | Added expanded logging for Active Directory sync |
| 401543 | Updated the ciphers used in the Proxy Service |
| 401545 | RDP window no longer needs to be manually closed when an RDP session ends |
| 401898 | Oracle Users with âinfinityâ or â-infinityâ set as their âpassword_changed_date_timeâ no longer cause credential page load failures |
| 401900 | Proxy Service now uses the expected version numbering format |
| 402822 | Certain Active Directory account types experiencing an error during management no longer experience this issue |
| 403101 | Provisioned sessions now accurately appear on Access tab without needing to refresh the page |
| 403126 | âSkipEmitEventâ setting added to Web Serviceâs appsettings.json, which will bypass adding duplicate errors to SIEM |
| 403292 | Policy search when viewing a user now functions as expected |
September '25 Release (25.09.16002)
September 23, 2025
This list includes the most significant fixes in this release; numerous minor bugs have also been addressed.
Bug Fixes
| ID | Decription |
|---|---|
| 393674 | Prevent browser extension from exiting the browser when dev tools are opened |
| 396146 | Server error while starting live session view: âUnable to load recording not availableâ |
| 400525 | Requester using requester account during activity steps rather than output of login account template |
| 400820 | For Direct Connect Strings, revert Requester logic for all login templates other than âCustomâ so only a single password entry is needed when NPS User == Requester User |
| 401052 | RefreshTokens are overwritten by the Heartbeat Worker - causes a service that is offline for more than 15 minutes to fail to RenewToken |
| 401056 | RDS Web App Launcher - Auto Credential Injection Failure |
| 401058 | Accounts not being enabled due to NPS server unable to find PDCe |
| 401168 | Users with âinfinityâ or â-infinityâ set as their password_changed_date_time cause credential page load failures |
| 401319 | HostScanServiceWorkers and ActionServiceWorkers donât respawn as expected |
| 401891 | NPS creates sudoers.d files with incorrect permissions (0770 instead of 0440) |
| 401402 | Secure Remote Access Portal: Cannot launch Entra ID MyApps via RDS when using the Dashboard tab - âUnable to download RDP fileâ |
Known Issues
| ID | Description |
|---|---|
| 401184 | Copy/paste doesnât function during Secure Remote Access RDP sessions |
| 401699 | NPS servers that donât use a trusted certificate need to re-add âInsecureSkipVerifyâ to Host Scan Serviceâs âappsettings.user.jsonâ after upgrading |
Hotfix Version 25.09.03002 Released for Netwrix Privilege Secure
September 9, 2025
| ID | Description |
|---|---|
| 400423 | Disable user action could fail to find the PDCe in certain domain environments |
| 400424 | Interactive App Launch can now be used with website and database resources |
| 400428 | Viewing SIEM Service details created a long running query that didnât cancel |
| 400435 | Updated version of the Endpoint Policy Manager integration that ships in the Extras folder |
| 400445 | The MFA registration page could appear in certain circumstances after a user was removed from NPS and the user tried to log-in again |
| 400449 | âCopy Usernameâ and âCopy Passwordâ buttons didnât work as expected in Safari on macOS |
| 400472 | Removed âCopyâ functionality from the Active Directory platform |
| 400473 | In certain circumstances, a reportâs data in the UI could be slightly different than the reportâs data when downloaded as a CSV |
| 400475 | Users that have been removed from NPS could still appear in certain places within the app |
| 400517 | Service account rotations could get stuck in the âqueuedâ state |
| 400421 | Secure Remote Access: âFailed to impersonate userâ error could prevent access to sessions via the Portal |
| 400961 | Secure Remote Access: Nginx process wouldnât start automatically after Portal installation or reboot |
25.08 Updates
Hotfix Version 25.08.15002 Released for Netwrix Privilege Secure
August 19, 2025
| ID | Description |
|---|---|
| 39 | Folder nps_realvnc is missing in Extras folder |
| 10 | Requester sessions as local Windows users donât work |
| 44 | Secure Remote Access (SRA): For a scheduled session the ârequested byâ hyperlink should not be present |
| 16 | Services often need to be re-registered; every few days session provisioning starts to fail |
| 45 | SIEM Service Performance: Need indexes to handle large data volumes |
July '25 Release (v25.08.04003)
August 7, 2025
This list includes the most significant fixes in this release; numerous minor bugs have also been addressed.
| ID | Decription |
|---|---|
| 373712 | Browser Extension: Resolved âClear Website Data Before Startâ not targeting cached admin.microsoft.com data |
| 381101 | Resolved an issue preventing Task Automation sessions from ending |
| 384101 | Stopped High Availability configuration tool from generating numerous pg_hba.conf.old files |
| 391963 | Resolved an issue that could cause discrepancies in SIEM event times |
| 391964 | Prevented incorrect password changes in certain multi-activity scenarios |
| 392764 | Prevented Content Security Policy from breaking the Secure Remote Access portal UI |
| 394009 | Non-Default Connection Profiles are now updated to record keystrokes if session recording was already enabled when upgrading |
| 394452 | Resolved situation that could prevent Secure Remote Access portal sessions from connecting |
| 394483 | Prevented host scan from marking computers as âWinRM Disabledâ if it cannot find a host online during subsequent host scans |
| 395827 | Resolved Cisco OS detection for Linux causing an issue with certain Cisco devices |
| 396697 | Resolved copy/paste not always functioning during Secure Remote Access sessions |
25.06 Updates
June '25 Release (v25.06.30001)
July 1, 2025
This list includes the most significant fixes in this release; numerous minor bugs have also been addressed.
| ID | Decription |
|---|---|
| 342834 | NATS could time out due to a large amount of unsent approval emails |
| 378406 | NPS user account password could be incorrectly prompted for instead of the intended session Requesterâs password |
| 392894 | Action Service was not always prioritized over the Host Scan Service |
| 392901 | Certain changes to the Host Scan Service could inadvertently disable the Email Service |
May â25 Release (v25.06.23002)
June 12, 2025
This list includes the most significant fixes in this release; numerous minor bugs have also been addressed.
| ID | Decription |
|---|---|
| 390126 | Managed Account check-in workflows did not always function as expected |
| 388185 | Unassigned access policies could display on the Resource Selection > Session Wizard |
| 387363 | Activities that add to Domain Admins group could fail for subdomains |
| 386979 | Removed a cipher typo in sbpam_sshclient.json |
| 386260 | Hosts added through Active Directory could have DNS name falsely replaced if a scanned failed |
| 386065 | âOS Not Definedâ errors could unexpectedly cause host protection and disable RDP to fail |
| 385401 | New Connection Profiles could unexpectedly display under Activity Token Complexity Policy |
| 383678 | Unsupported PostgreSQL regions could cause upgrade failures |
| 381832 | RDS sessions to macOS using RealVNC could fail |
| 374434 | Domains could unexpectedly display under Session Wizard Resource Selection |
| 374220 | API endpoint for looking up Approval by Approval ID did not always function as expected |
| 369763 | Failed password changes now throw better errors in logging |
| 369006 | Custom roles could expose unassigned credentials to users |
| 367236 | Historical page did not load in certain circumstances |
| 363171 | Improved logging for nltest |
| 361054 | Resolved issues with Cisco Model 3850 host scans |
| 360092 | Website sessions could remain live when a session is ended |
| 359030 | Access Policy - user name of a managed account would not always update after AD Sync |
| 356428 | actionserviceWorker could cause a memory leak |
| 347476 | Entra ID verify/rotate password would not function in certain scenarios |
| 346692 | Incorrect values could be used for %Resource% in a proxyâs macro |
| 346446 | User Profile cleanup did not always behave as expected for Domain Accounts |
| 345708 | Renaming a website resource could potentially not update the Credentials tab |
| 345389 | The WebService could process recordings on nodes where the recording does not exist |
| 345316 | Incorrect values could display in the Last Login Column for Role Management |
| 345256 | Webm recordings could potentially get discovered by the wrong proxy in a multi-proxy environment |
| 344086 | Entra ID - With both the create account and delete after use checkboxes selected, the same user could not always be created twice |
| 343827 | Dashboardâs âUsersâ card could cause a memory leak when getting especially large |
| 340747 | Managed User login status did not always update when a user logged-in |
| 319593 | Setting a daily platform host scan schedule could result in an incorrect time |
| 306265 | AD Sync would not always update âMemberâ tab for Group under Users and Groups as expected when a user was removed |
| 304973 | Timeouts could occur when calling PowerShell function Get-SbPAMAdUser |
| 303774 | Custom roles did not always display on the User Roles tab |
| 295700 | Certain aspects of Resource Groups were not working as expected |
| 198027 | Confirmation pop-up did not display group names when removing one or more groups from Collections |
| 138219 | Local accounts for a removed credential could still display in Credentials |
| 87195 | Adding a user group inside of another user group did not always display as expected |
4.2 Updates
Patch Version 4.2 Hotfix 10 Released for Netwrix Privilege Secure
June 3, 2025
We are committed to enhancing the security and reliability of Netwrix Privilege Secure. Please see the important updates below.
| ID | Description |
|---|---|
| 388813 | Resolve an issue causing transport layer errors with RDP |
| 388816 | Resolve an issue causing Domain Admin sessions to fail for foreign domains |
| 388809 | Update version scheme to yyyy.mm.ddxxx |
Patch Version 4.2 Hotfix 9 for Netwrix Privilege Secure Released
May 20, 2025
We are committed to enhancing the security and reliability of Netwrix Privilege Secure. Please see the important updates below.
| ID | Description |
|---|---|
| 386260 | Host added through Active Directory could have DNS name falsely replaced if scan fails |
| 386065 | OS Not Defined, unable to protect host and unable to enable/disable RDP on a host |
| 385401 | New Connection Profile can show incorrect Activity Token Complexity Policy |
| 383678 | PG16 Unsupported PostgreSQL Region causes upgrade failure |
| 382921 | Database service status indicator not functioning |
| 382073 | Connection Profile Page - Activity Token Complexity drop list is not populated |
| 381832 | Cannot launch RDS session to MacOS using RealVNC |
| 379565 | Unable to create Access certification |
| 378200 | Custom Script - Force managed account to be disabled in post-session |
| 377258 | Connect icon in session dashboard |
| 376609 | Find/enable pre-session step should ignore Active Directory Recycle Bin objects |
| 376298 | Do not allow âActive Directoryâ resource group to be added to Access Policies |
| 376136 | Access Certification - Users selection list includes Groups |
| 373681 | OIDC configuration wizard can destroy token information |
| 373679 | OIDC authenticator fails to âGet User Dataâ on the first try |
| 373375 | Group membership add/remove should obtain membership information from the target group |
| 371838 | Resources - Hide âRemove from Databaseâ |
| 370747 | User/user group information missing from add users and groups table |
| 370526 | PG16 Installer - Disk space check |
| 369765 | Active Directory Sync - avoid merge conflicts |
| 369763 | Password Rotation Logging - failed password change needs to throw an error |
| 369006 | Application Security - Custom role exposes unassigned credentials to users |
| 365589 | Enhanced logging for approved sessions |
| 363795 | Unable to create connection profile |
| 363590 | Unable to edit default connection profile |
| 363545 | Cisco - Cannot bind argument to parameter âOSâ because it is an empty string |
| 363335 | Putty (Handler) does not work for Linux/Cisco on Chrome |
| 363171 | Logging enhancements for nltest |
| 362721 | Import Posh Signing Certificate uses wrong registry key |
| 362293 | User able to create duplicate connection profiles |
| 361770 | Browser Extension - Ensure that a closed tab always results in a closed session |
| 361738 | Issue adding multiple resources using CSV file |
| 360092 | WebSite Session is now live when session ends |
| 359478 | Prevet merge conflict with SQL backend |
| 359155 | Improve error message for distinguished name parsing in ManagedGroupController |
| 359030 | Access Policy - User name of managed account not updated after AD Sync |
| 358773 | Proxy - Session Extension - Enhanced Logging |
| 355019 | AddMultiple REST endpoint is not de-duping inputs |
| 305747 | Activity Token is created in parent domain instead of child domain when both domains are onboarded |
| 300969 | SAML configuration page - âTest Connectionâ and âLoginâ buttons only work on the second click |
Patch Version 4.2 Hotfix 8 for Netwrix Privilege Secure Released
May 1, 2025
We are committed to enhancing the security and reliability of Netwrix Privilege Secure. Please see the important update below.
| ID | Description |
|---|---|
| 380266 | High Availability - Hardcoded Credentials for Postgres ârepuserâ |
A revised version of our High Availability configuration article is available here. It is essential that you precisely follow these updated steps for all future upgrades. In particular, between configuring the HaMgr tool on the primary and secondary servers, ensure that the encryption keys and the appsettings.json file from the primary are exported to the secondary.
Thank you for your prompt attention to this security matter. For further assistance, please contact our support team.
Patch Version 4.2HF7 Released for Netwrix Privilege Secure
April 15, 2025
| Description | Case # |
|---|---|
| Update FreeRDP to 3.10.3 (addresses graphical issues when launching RDP sessions from Windows 11 24H2) | 360881 |
| Postgres 16 upgrades - before running pg_upgrade, shutdown all relevant NPS services | 377834 |
Version 4.2 - Release Notes & Bug Fixes
April 9, 2024
See the Netwrix_PrivilegeSecure_4.2_BugFixList PDF for a list of bugs fixed in this version.
The following versions may have limited or no support. Please see the