PingIDM Remote Connector Client-Mode Access Control Bypass (7.2-7.5)
CVE-2025-20628 Published on April 7, 2026
Insufficient granularity of access control for Remote Connector Servers in client mode
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management): administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. As a result, an attacker can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity's security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
Weakness Type
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Affected Versions
Ping Identity PingIDM:
- Version 7.5.0 is affected.
- Versions 7.4.0 through 7.4.1 are affected.
- Versions 7.3.0 through 7.3.1 are affected.
- Versions 7.2.0 through 7.2.2 are affected.
- Versions up to and including 7.1.* are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares with those of all other vulnerabilities.