Vulnerability Description
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pagerduty | Runbook Automation | <= 2025-06-12 |
Related Weaknesses (CWE)
References
- https://github.com/carterross2/Vulnerability-Research/tree/main/CVE-2025-52493Third Party Advisory
- https://www.pagerduty.com/platform/automation/Product
- https://www.pagerduty.com/security/disclosure/Product
- https://www.praetorian.comNot Applicable
FAQ
What is CVE-2025-52493?
CVE-2025-52493 is a vulnerability with a CVSS score of 6.5 (MEDIUM). PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are...
How severe is CVE-2025-52493?
CVE-2025-52493 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52493?
Check the references section above for vendor advisories and patch information. Affected products include: Pagerduty Runbook Automation.