CVE-2025-54392

6.1 MEDIUM

📋 TL;DR

Netwrix Directory Manager (formerly Imanami GroupID) versions 11.0.0.0 through 11.1.25162.02 contain a cross-site scripting (XSS) vulnerability in authentication error handling. This allows attackers to inject malicious scripts that execute in victims' browsers when they view authentication error pages. Organizations using vulnerable versions of this directory management software are affected.

💻 Affected Systems

Products:
  • Netwrix Directory Manager (formerly Imanami GroupID)
Versions: 11.0.0.0 through 11.1.25162.02
Operating Systems: Windows Server (typical deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected; requires user interaction with crafted authentication error pages.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator session cookies, perform actions as authenticated users, or redirect users to malicious sites, potentially leading to full system compromise.

🟠 Likely Case

Session hijacking, credential theft, or defacement of authentication error pages through injected content.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place; attackers could only execute scripts in specific error contexts.

🌐 Internet-Facing: HIGH - Authentication pages are typically internet-facing, making exploitation straightforward if vulnerable.
🏢 Internal Only: MEDIUM - Internal users could still be targeted through phishing or other social engineering attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (viewing crafted error page); no authentication needed to trigger the vulnerable error condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.1.25162.02 or later

Vendor Advisory: https://community.netwrix.com/t/adv-2025-015-critical-vulnerabilities-in-netwrix-directory-manager-formerly-imanami-groupid-v11/17192

Restart Required: No

Instructions:

1. Download the latest patch from Netwrix support portal.
2. Apply the patch following vendor instructions.
3. Verify the version is 11.1.25162.02 or higher.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement web application firewall rules to filter malicious script patterns in authentication error parameters.

WAF-specific configuration required

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution
  • Monitor authentication logs for suspicious error patterns

🔍 How to Verify

Check if Vulnerable:

Check the installed version against the vulnerable range; test authentication error pages with safe XSS payloads.

Check Version:

Check application interface or installation directory for version information

Verify Fix Applied:

Confirm version is 11.1.25162.02 or later; test that script injection no longer executes in authentication error responses.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication error patterns
  • Requests containing script tags or JavaScript in authentication parameters

Network Indicators:

  • HTTP requests with script payloads in authentication error parameters

SIEM Query:

source="netwrix" AND (error AND (script OR javascript OR "<script>"))
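
The log indicators above can also be checked offline against web server logs. The following is an added example, not code from Netwrix or from the original page: it decodes nested URL and HTML encoding before matching, which a plain keyword search misses. The `/auth/error` path, the `message` parameter and the log layout are constructed placeholders, since the page does not name the affected endpoint or parameter.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus

# Heuristic markers of script content; tune against your own traffic.
SCRIPT_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|<\s*(?:img|svg|iframe)\b|\bon[a-z]+\s*=",
    re.IGNORECASE,
)

def normalize(value, rounds=3):
    """Undo nested URL encoding and HTML entities so encoded markers are visible."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(query):
    """Return names of query parameters whose decoded value has a script marker."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return [name for name, value in pairs if SCRIPT_MARKERS.search(normalize(value))]

def scan(lines):
    """Return (client_ip, path, flagged_params) for each flagged request."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        date, time, method, path, query, client_ip, status = line.split()
        flagged = suspicious_params("" if query == "-" else query)
        if flagged:
            hits.append((client_ip, path, flagged))
    return hits

# Constructed sample log lines (assumed layout, hypothetical path and parameter).
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2025-01-01 10:00:01 GET /auth/error message=Invalid+password 192.0.2.10 200",
    "2025-01-01 10:00:07 GET /auth/error message=%3Cscript%3Ealert(1)%3C/script%3E 192.0.2.44 200",
    "2025-01-01 10:00:09 GET /auth/error message=%253Cimg%2520src%253Dx%2520onerror%253D1%253E&lang=en 192.0.2.44 200",
    "2025-01-01 10:00:12 GET /auth/login - 192.0.2.10 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Adjust the field order in `scan` to match the `#Fields` header of the logs being reviewed.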
