CVE-2025-53118

CRITICAL EXPLOITED NUCLEI

Unified PAM - Auth Bypass

Title source: llm

Description

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.

Nuclei Templates (1)

Securden Unified PAM - Authentication Bypass

CRITICALVERIFIEDby DhiyaneshDk,pussycat0x,iamnoooob,pdresearch

FOFA: (icon_hash="1798893256" || icon_hash="-766529773")

References (1)

[Third Party Advisory] https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/

Scores

CVSS v3 9.8

EPSS 0.3458

EPSS Percentile 97.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-11-10

CWE

CWE-306

Status published

Products (1)

Securden/Unified PAM 9.0.* - 11.3.1

Published Aug 25, 2025

Tracked Since Feb 18, 2026