NetwrixCVEs & Vulnerabilities

17 CVEs affecting Netwrix products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

directory manager 11auditor 2password secure 2account lockout examiner 1usercube 1
CVE-2025-54397MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.

7 Aug 2025
4.3
CVSS
CVE-2025-54396MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.

7 Aug 2025
5.4
CVSS
CVE-2025-54395MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.

7 Aug 2025
6.1
CVSS
CVE-2025-54394MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.

7 Aug 2025
5.3
CVSS
CVE-2025-54393MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.

7 Aug 2025
5.4
CVSS
CVE-2025-54392MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.

7 Aug 2025
6.1
CVSS
CVE-2025-48748CRITICAL

Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.

29 May 2025
10.0
CVSS
CVE-2025-48749CRITICAL

Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

28 May 2025
9.1
CVSS
CVE-2025-48747MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.

28 May 2025
5.0
CVSS
CVE-2025-47748MEDIUM

Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.

28 May 2025
5.3
CVSS
CVE-2025-48746MEDIUM

Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.

28 May 2025
6.5
CVSS
CVE-2025-26818CRITICAL

Netwrix Password Secure through 9.2 allows command injection.

3 Apr 2025
9.8
CVSS
CVE-2025-26817CRITICAL

Netwrix Password Secure 9.2.0.32454 allows OS command injection.

3 Apr 2025
9.8
CVSS
CVE-2023-41264CRITICAL

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints).

28 Nov 2023
9.8
CVSS
CVE-2022-31199KEVCRITICALin the wild

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.

11 Jul 2023
9.8
CVSS
CVE-2020-15931HIGH

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.

20 Oct 2020
7.5
CVSS
CVE-2019-14969HIGH

Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Planting attacks and ultimately execute code as NT AUTHORITY\SYSTEM with the help of Symbolic Links.

12 Aug 2019
7.8
CVSS
← PrevPage 1 / 1Next →