CVE-2025-24503
Severity
9.3 CRITICAL
EPSS
0.1%
top 77.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 30
Description
A malicious actor can fix the session of a PAM user by tricking the user into clicking on a specially crafted link to the PAM server.
CVSS vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected Packages (1 package)
Vulnerability Details (2)
CVEList
CVE-2025-24503: A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server (2025-01-30)
GHSA
GHSA-j634-qrvx-mfvr: A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server (2025-01-30)