Date: 30 May 2025
A critical vulnerability has been discovered in Netwrix Directory Manager (formerly Imanami GroupID). The flaw results in sensitive data being exposed during transmission, potentially compromising confidentiality and compliance obligations.
Overview
Improper handling of sensitive data during communication processes can result in the leakage of user or system information. This issue could be exploited through network monitoring or application misuse.
CVE ID: CVE-2025-48749
Severity: Critical
Type: Information Disclosure
Affected Versions:
- v11.0.0.0 and earlier
- Some post v11.1.25134.03 builds
Mitigation Steps
- Apply the latest version as specified in Netwrix’s advisory.
- Audit past logs and transmissions for evidence of unintentional disclosure.
- Restrict access to systems that process or transmit sensitive data.
Summary for Security Teams
- Product: Netwrix Directory Manager
- Threat Level: Critical
- Action: Patch systems and audit transmission history
Reference
Need Help?
If your organisation requires assistance identifying affected systems, applying updates or adjusting controller configurations, our team is here to help. Email us via soc@secure-iss.com for assistance.
