CVE-2025-53118
CRITICAL EXPLOITED NUCLEI
Securden Unified PAM 9.0-* < 11.3.1 - Unauthenticated Authentication Bypass via Administrator Backup Functions
Title source: llm
Exploitation Summary
CVE-2025-53118 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
Nuclei Templates (1)
Securden Unified PAM - Authentication Bypass
CRITICAL VERIFIED by DhiyaneshDk, pussycat0x, iamnoooob, pdresearch
FOFA:
(icon_hash="1798893256" || icon_hash="-766529773")
References (1)
Core References
Third Party Advisory
https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/
Scores
CVSS v3: 9.8
EPSS: 0.3491
EPSS Percentile: 97.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
VulnCheck KEV: 2025-11-10
CWE: CWE-306
Status: published
Products (1)
Securden/Unified PAM: 9.0.* - 11.3.1
Published: Aug 25, 2025
Tracked Since: Feb 18, 2026