CVE-2025-53120
CRITICAL
Securden Unified PAM 9.0-* < 11.3.1 - Unauthenticated Path Traversal and Remote Code Execution via Upload Functionality
Title source: llm
Description
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.
References (1)
Core References
Third Party Advisory
https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/
Scores
CVSS v3
9.4
EPSS
0.0863
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
Securden/Unified PAM
9.0.* - 11.3.1
Published
Aug 25, 2025
Tracked Since
Feb 18, 2026