CVE-2025-24502

MEDIUM

Broadcom Symantec Privileged Access Management - Improper Session Validation

Title source: llm

Description

Improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address. The session is in effect selected by where a request appears to come from rather than by a credential the caller must hold, so an attacker who can control the IP address the server attributes to a request can have it processed as another user's session.
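The following added example illustrates the weakness class named in the description (a server that resolves the acting user from the client IP, compared with one that resolves it only from a server-issued session token). It is not Symantec PAM code and the advisory does not say how PAM derives the client IP; the X-Forwarded-For handling, the request/session data structures and the "request notification" handler names are all assumptions made for this illustration.

```python
# Added illustrative example (not Symantec PAM code): session selection keyed
# by a spoofable client IP versus session selection bound to a server-issued
# token. All data here is constructed for the demo.
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    remote_addr: str                       # TCP peer address seen by the server
    headers: dict = field(default_factory=dict)


# Constructed session state: two authenticated users, one record per IP.
SESSIONS_BY_IP = {"10.0.0.5": "alice", "10.0.0.9": "bob"}
# Token-bound sessions, populated by login().
SESSIONS_BY_TOKEN = {}


def client_ip_weak(req: Request) -> str:
    # Assumed weak behaviour: trusts the first X-Forwarded-For hop from any
    # peer, so the "client IP" is attacker-controlled.
    xff = req.headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else req.remote_addr


def dispatch_weak(req: Request) -> str:
    # Weak: the acting user is whoever the (spoofable) client IP maps to.
    user = SESSIONS_BY_IP.get(client_ip_weak(req))
    if user is None:
        raise PermissionError("no session for client")
    return f"notification {req.path} executed as {user}"


def login(user: str) -> str:
    # Issue an unguessable session token; the client must present it later.
    token = secrets.token_urlsafe(32)
    SESSIONS_BY_TOKEN[token] = user
    return token


def dispatch_hardened(req: Request) -> str:
    # Hardened: identity comes only from a valid server-issued token; the
    # client IP (real or spoofed) is never an identity input.
    auth = req.headers.get("Authorization", "")
    token = auth.removeprefix("Bearer ").strip()
    user = SESSIONS_BY_TOKEN.get(token)
    if user is None:
        raise PermissionError("missing or invalid session token")
    return f"notification {req.path} executed as {user}"


def demo() -> tuple:
    # An unauthenticated peer at 192.0.2.77 claims alice's address via XFF.
    spoofed = Request("/notify/approve", "192.0.2.77",
                      {"X-Forwarded-For": "10.0.0.5"})
    weak = dispatch_weak(spoofed)           # runs as alice
    try:
        hardened = dispatch_hardened(spoofed)
    except PermissionError as exc:
        hardened = f"rejected: {exc}"       # no token, so refused
    return weak, hardened


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The weak dispatcher executes the spoofed request as alice; the hardened one rejects it because the caller holds no session token, and a token-bearing request is attributed to the token's owner regardless of any X-Forwarded-For value. Binding the session to a credential the server issued is the general fix for this CWE-384 pattern, independent of how the client IP is obtained.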

Scores

CVSS v4 5.3
EPSS 0.0006
EPSS Percentile 17.7%
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-384 (Session Fixation)
Status published
Products (3)
Broadcom/Symantec Privileged Access Management 3.4.6
Broadcom/Symantec Privileged Access Management 4.1.0 - 4.1.8
Broadcom/Symantec Privileged Access Management 4.2.0
Published Jan 30, 2025
Tracked Since Feb 18, 2026