
Claroty Product Security

Claroty’s product security incident response team values the relationships we have with our customers and the larger technology ecosystem. Our vow is to deliver the safest products in support of mission-critical infrastructure around the world. We use our best reasonable efforts to rapidly detect, assess, and respond to security vulnerabilities, and we are committed to ensuring trust and transparency as part of our secure product development lifecycle.

Security Advisories

| DATE | CVE | PRODUCT + VERSION | SEVERITY (CVSS v3.1) |
|---|---|---|---|
| October 8, 2025 | CVE-2025-54603 (Advisory) | Claroty Secure Access (formerly Claroty Secure Remote Access or SRA) v 3.3.0 through 4.0.2 | 9.5 |
| June 29, 2021 | CVE-2021-32958 (Advisory) | Claroty Secure Access (formerly Claroty Secure Remote Access or SRA) v 3.0-3.2 | 5.5 |

CVE Risk Levels (CVSS v3.1)

| Risk level | CVSS v3.1 score |
|---|---|
| Critical | 9.0-10.0 |
| High | 7.0-8.9 |
| Medium | 4.0-6.9 |
| Low | 0-3.9 |

Report a Vulnerability to Claroty

To report a security vulnerability in any Claroty on-premises product, SaaS service, or Claroty.com webpage:

Existing customers may open a support ticket. 


When reporting vulnerabilities via email, please encrypt the message using Claroty’s public PGP key. Include the following details where available:

  • Product name and version

  • Vulnerability type (code execution, command injection, denial of service, etc.) and impact

  • If you were able to reproduce the vulnerability, please describe how

  • Proof-of-concept code

  • Potential remediation

  • Public disclosure intention


Claroty’s OEM Partners should contact their respective representatives or send a secure email to psirt@claroty.com.

Vulnerability Disclosure Guidelines

Security vulnerabilities in Claroty products and services will be assessed, mitigated, and/or remediated within the applicable timeframes, and as comprehensively as possible in order to ensure the safety and reliability of our products, and maintain the trust of our customers. 

Vulnerabilities, Products in Scope

Claroty’s Vulnerability Disclosure Policy covers Claroty xDome, Claroty xDome Secure Access, Claroty Continuous Threat Detection (CTD), and our web-based properties. 

We urge anyone reporting vulnerabilities to Claroty to submit comprehensive disclosure reports through secure channels. 

Submit reports directly to psirt@claroty.com

Existing customers may open a support ticket. 

Coordinated Disclosures

Claroty follows industry standard coordinated disclosure practices in order to transparently analyze, resolve, and report vulnerabilities discovered in our products and services. Vulnerability reporters and our customers can expect the following activities for any coordinated disclosure:

  • Once a disclosure has been evaluated, we rate and prioritize vulnerabilities using CVSS, EPSS, and other industry-recognized best practices

  • Work toward the assignment of a CVE for confirmed vulnerabilities

  • Provide mitigations, updates or fixes for vulnerabilities in supported versions of our products or services

  • Expedite updates for high-risk, high-impact vulnerabilities

  • Notify customers of new vulnerabilities and remediation information

  • Work with vulnerability reporters on public disclosures

  • Acknowledge vulnerability reporters in any public vulnerability advisory

PGP Key


Governing Terms

The information provided herein is subject to the provisions specified in Claroty’s license terms or any other applicable agreements or policies. To the extent applicable to the provided information, documentation or software made available in or through this document, the provisions of Claroty’s Global Website (https://claroty.com/terms-conditions) shall apply additionally.
