CVE-2025-53118
Published 2025-08-25. CVE-2025-53118: An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of…
Priority: P190 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW exploit · VulnCheck KEV
Exploited in the wild
EPSS: 29.37% (97.9th percentile)
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| securden | unified_pam | 9.0.* – 11.3.1 | — |
Detection & IOCs (extracted from sources)
- url: /thirdparty-access
- url: /get_csrf_token
- url: /get_date_picker_format
- other: icon_hash=1798893256
- other: icon_hash=-766529773

- Probe for unauthenticated access to /thirdparty-access; a 302 redirect (rather than an auth challenge) indicates the endpoint is reachable without credentials and the vulnerability may be present.
- An unauthenticated HTTP 200 response from /get_csrf_token containing a JSON body with 'token' and Content-Type application/json confirms the authentication bypass on the CSRF token endpoint.
- An unauthenticated HTTP 200 response from /get_date_picker_format containing 'current_date' in a JSON body confirms the authentication bypass on the date-picker endpoint, completing the three-step exploit chain.
- Use FOFA icon-hash fingerprints to identify Securden Unified PAM instances exposed on the internet before probing for the vulnerability.
- The full exploit requires three sequential unauthenticated requests (flow: http(1) & http(2) & http(3)); all three steps succeeding together is a high-confidence indicator of exploitation.
- The Nuclei template is verified (verified: true) and requires exactly 3 HTTP requests (max-request: 3); detection logic depends on all three matchers passing in sequence.
- The vulnerability allows an unauthenticated attacker to control administrator backup functions, meaning exploitation can lead to full compromise of stored passwords, secrets, and session tokens without any prior authentication.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-fq2g-f63j-9x36: An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromis
ghsa_unreviewed · 2025-08-26
CVE-2025-53118 [CRITICAL] CWE-306 GHSA-fq2g-f63j-9x36: An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromis
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
VulnCheck
Missing Authentication for Critical Function
vulncheck · 2025 · CVSS 9.8
CVE-2025-53118 [CRITICAL] Missing Authentication for Critical Function
Missing Authentication for Critical Function
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
Affected: Securden Unified PAM
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-11-10&host_type=src&vulnerability=cve-2025-53118
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-11-11&host_type=src&vulnerability=cve-2025-53118
- https://dashboard.shadowserver.org/stati
No detection rules found.
Nuclei
Securden Unified PAM - Authentication Bypass
nuclei · CVSS 9.8
CVE-2025-53118 [CRITICAL] Securden Unified PAM - Authentication Bypass
Securden Unified PAM - Authentication Bypass
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
Template (indexed fragment; the template body is cut off after the `impact` field):

```yaml
id: CVE-2025-53118

info:
  name: Securden Unified PAM - Authentication Bypass
  author: DhiyaneshDk,pussycat0x,iamnoooob,pdresearch
  severity: critical
  description: |
    An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
  impact: |
    Unauthenticated attackers can control administrator backup functions to compromise passwords, secrets,
```
No writeups or analysis indexed.

Timeline:
- 2025-08-25: Published
- Exploited in the wild