cvebase

Securden Unified PAM vulnerabilities

4 known vulnerabilities affecting securden/unified_pam.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 2

Vulnerabilities

CVE-2025-53118 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 9.0.*, ≤ 11.3.1 | 2025-08-25
CVE-2025-53118 [CRITICAL] CWE-306: An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
nvd
CVE-2025-53120 | P2 | CRITICAL | CVSS 9.4 | ≥ 9.0.*, ≤ 11.3.1 | 2025-08-25
CVE-2025-53120 [CRITICAL] CWE-22: A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.
nvd
CVE-2025-53119 | P3 | HIGH | CVSS 7.5 | ≥ 9.0.*, ≤ 11.3.1 | 2025-08-25
CVE-2025-53119 [HIGH] CWE-434: An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.
nvd
CVE-2025-6737 | P3 | HIGH | CVSS 7.2 | ≥ 9.0.*, < 11.3.1 | 2025-08-25
CVE-2025-6737 [HIGH] CWE-1391: Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.
nvd