Severity: High
CVE ID: CVE-2025-4680
Details
These advisory addresses an agent miss configuration where agent fails to select correct configuration if multiple configurations are applied.
Problem type: CWE-20
Impact: CAPECT-180
Applicability
This advisory is applicable only when
| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
| upKeeper Instant Privilege Access* | 1.3.1 and below | 1.4.0 | 2025-05-21 |
* - Applicable only if the agent is configured through portal and group policy.
Impact
This vulnerability gives a user different rights depending on rules applied at every given time.
Fix
This issue can be fixed by updating the upKeeper Instant Privilege Access agent to version 1.4.0 or later.
Acknowledgements
This vulnerability was found and reported internally.
Please contact our security team (secure@upkeeper.se) for security related questions and product support (help@upkeeper.se) for questions about our products or services.
Comments
0 comments
Please sign in to leave a comment.