CVE-2025-24505

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 32.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Symantec Privileged Access Management

Timeline

PublishedJan 30

Description

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

▶CVEListV5broadcom/symantec_privileged_access_management4.1.0 — 4.1.8+1

🔴Vulnerability Details

CVEList

CVE-2025-24505: This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a speci↗2025-01-30

▶

GHSA

GHSA-498c-98jc-j5pq: This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a speci↗2025-01-30

▶