Platform
other
Component
securden-unified-pam
Fixed in
11.3.2
CVE-2025-53120 describes a critical path traversal vulnerability discovered in Securden Unified PAM. This flaw allows unauthorized users to upload arbitrary files, including malicious binaries and scripts, to sensitive directories on the server, potentially leading to remote code execution. The vulnerability affects versions 9.0.0 through 11.3.1 of Securden Unified PAM, and a patch is available in version 11.3.2.
The impact of this path traversal vulnerability is severe. An attacker who successfully exploits this flaw can upload and execute arbitrary code on the Securden Unified PAM server. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker could also leverage this access to move laterally within the network, potentially compromising other systems connected to the Unified PAM server. The ability to upload binaries directly to the web root and configuration directories significantly expands the attack surface and increases the potential for widespread damage. This vulnerability shares similarities with other path traversal exploits where attackers leverage predictable file system structures to gain unauthorized access.
CVE-2025-53120 was published on 2025-08-25. The CVSS score of 9.4 (CRITICAL) indicates a high probability of exploitation. As of this writing, no public proof-of-concept exploits are available, but the ease of exploitation inherent in path traversal vulnerabilities suggests that one may emerge quickly. It is not currently listed in the CISA KEV catalog.
Organizations heavily reliant on Securden Unified PAM for centralized authentication and privileged access management are particularly at risk. Environments with legacy configurations or those lacking robust file upload security controls are also more vulnerable. Shared hosting environments where multiple users share the same server instance should be considered high priority.
• linux / server:
find /var/log/securden -type f -mtime -7 -name '*upload*' -print
• generic web:
curl -I 'http://<target>/upload?file=../../../../etc/passwd' # Check for 200 OK or other unexpected responses
• linux / server:
journalctl -u securden -f | grep -i 'upload' # Monitor for suspicious upload activity
Disclosure
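The log monitoring above, as an added example that is not part of the original page or of Securden's own tooling: a small Python scanner that reads web access-log lines, percent-decodes each request target (repeatedly, so double-encoded sequences are caught) and flags upload requests whose target contains a `../` or `..\` traversal sequence. The sample log lines are constructed; the combined access-log layout and the `/upload` endpoint name are assumptions for illustration.

```python
"""Flag upload requests that carry path-traversal sequences.

Added example, not part of the original page or Securden's tooling.
The log lines are constructed; the combined-log field layout and the
/upload endpoint name are assumptions for illustration.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines (not real Securden logs). Line 2 is the case a
# defender cares about most: a traversal attempt that was answered with 200.
SAMPLE_LOG = """\
10.0.0.5 - alice [25/Aug/2025:10:01:12 +0000] "POST /upload?file=report.pdf HTTP/1.1" 200 512
10.0.0.9 - - [25/Aug/2025:10:02:40 +0000] "POST /upload?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 0
10.0.0.9 - - [25/Aug/2025:10:02:41 +0000] "POST /upload?file=%252e%252e%252f%252e%252e%252fconf%252fsettings.txt HTTP/1.1" 500 0
10.0.0.7 - bob [25/Aug/2025:10:03:05 +0000] "GET /dashboard HTTP/1.1" 200 2048
10.0.0.9 - - [25/Aug/2025:10:03:50 +0000] "POST /upload?file=..\\..\\conf\\app.xml HTTP/1.1" 403 0
"""

# Combined-log request line: client, ident, user, timestamp, request, status.
_REQUEST = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# '..' followed by a slash or backslash, or a trailing '/..' / '\..'.
_TRAVERSAL = re.compile(r"\.\.[\\/]|[\\/]\.\.$")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (catches %252e%252e)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_uploads(log_text: str, upload_prefix: str = "/upload") -> list:
    """Return one record per upload request whose decoded target traverses."""
    hits = []
    for line in log_text.splitlines():
        match = _REQUEST.match(line)
        if not match:
            continue  # not a request line we understand; skip rather than guess
        target = decode_fully(match["target"])
        if not target.startswith(upload_prefix):
            continue
        if _TRAVERSAL.search(target):
            status = int(match["status"])
            hits.append({
                "src": match["src"],
                "ts": match["ts"],
                "status": status,
                "accepted": status < 400,  # server did not refuse the request
                "target": target,
            })
    return hits


def suspicious_sources(hits: list) -> dict:
    """Count flagged requests per source address for triage."""
    return dict(Counter(h["src"] for h in hits))


if __name__ == "__main__":
    found = find_traversal_uploads(SAMPLE_LOG)
    for h in found:
        flag = "ACCEPTED" if h["accepted"] else "refused"
        print(f'{h["ts"]} {h["src"]} {h["status"]} {flag} {h["target"]}')
    print("by source:", suspicious_sources(found))
```

Only lines that match the expected layout are inspected, so a different log format yields no hits rather than false ones; adjust `_REQUEST` to the format your server actually writes. Requests marked `accepted` (status below 400) are the ones to investigate first, since they indicate the server may have processed the manipulated path.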
Exploit Status
EPSS
1.14% (78% percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-53120 is to immediately upgrade Securden Unified PAM to version 11.3.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file upload permissions to authenticated users only and implement strict input validation on uploaded files to prevent path manipulation. Consider using a Web Application Firewall (WAF) to filter out malicious requests attempting to exploit the path traversal vulnerability. Monitor system logs for suspicious file uploads or execution attempts. After upgrading, verify the fix by attempting to upload a test file with a manipulated path (e.g., ../../../../etc/passwd) and confirming that the upload is rejected.
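The input-validation workaround above, as an added example in Python (not Securden's code): a filename sanitizer and an independent resolved-path containment check, so that manipulated names such as the `../../../../etc/passwd` mentioned in the text, their percent-encoded and double-encoded forms, NUL-byte tricks and look-alike separators are all refused. The upload root, the blocked-extension list and the function names are assumptions for illustration; `would_be_rejected()` is the kind of helper one would use for the post-upgrade verification step.

```python
"""Hardened handling of client-supplied upload filenames.

Added example; not Securden's code. It illustrates the strict input
validation the mitigation text refers to. UPLOAD_ROOT, the blocked
extension list and the function names are assumptions for illustration.
"""
import re
import unicodedata
from pathlib import Path
from urllib.parse import unquote

# Assumed upload root for the example; a real deployment uses its own,
# which should sit outside the web root and any configuration directory.
UPLOAD_ROOT = Path("/var/lib/example-app/uploads")

# Allow-list for the final name: a letter or digit first, then only
# letters, digits, dot, underscore and hyphen, at most 128 characters.
# '..', '.', the empty string and anything with a separator never match.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

# Extensions refused outright so an accepted upload is never directly
# executable by the server or a web container (assumed list).
_BLOCKED_SUFFIXES = {".exe", ".dll", ".so", ".sh", ".py", ".jsp", ".php", ".aspx", ".war"}


class UnsafeFilename(ValueError):
    """Raised when a client-supplied name cannot be mapped to a safe path."""


def _decode_fully(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding (catches %252e%252e)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def sanitize_filename(client_name: str) -> str:
    """Return a validated bare filename or raise UnsafeFilename."""
    name = _decode_fully(client_name)
    # NFKC folds look-alikes such as the full-width solidus into '/'.
    name = unicodedata.normalize("NFKC", name)
    if "\x00" in name:
        raise UnsafeFilename("NUL byte in filename")
    if "/" in name or "\\" in name:
        raise UnsafeFilename("path separator in filename")
    if not _SAFE_NAME.fullmatch(name):
        raise UnsafeFilename(f"filename fails allow-list: {name!r}")
    if Path(name).suffix.lower() in _BLOCKED_SUFFIXES:
        raise UnsafeFilename(f"blocked file type: {name!r}")
    return name


def resolve_upload_path(client_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Map a client filename to an absolute path directly inside `root`.

    The containment check is deliberately independent of
    sanitize_filename(): if the allow-list is ever loosened, a name that
    resolves outside the root is still refused here.
    """
    safe_name = sanitize_filename(client_name)
    root_resolved = root.resolve()
    candidate = (root_resolved / safe_name).resolve()
    if candidate.parent != root_resolved:
        raise UnsafeFilename(f"resolved path escapes upload root: {candidate}")
    return candidate


def would_be_rejected(client_name: str) -> bool:
    """True if the name is refused; handy for the post-upgrade check."""
    try:
        resolve_upload_path(client_name)
    except UnsafeFilename:
        return True
    return False


if __name__ == "__main__":
    for sample in ("quarterly-report_2025.pdf", "../../../../etc/passwd",
                   "..%252f..%252fconf%252fapp.xml", "report.pdf\x00.exe"):
        verdict = "REJECTED" if would_be_rejected(sample) else "accepted"
        print(f"{verdict:8} {sample!r}")
```

The two layers are intentional: the allow-list decides what a name may look like, and the resolved-path comparison decides where the file may land, so a regression in one does not silently disable the other. Store accepted files under a server-generated name where possible and keep the upload directory non-executable and outside the web root.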
Update Securden Unified PAM to a version later than 11.3.1 to fix the path traversal vulnerability. This prevents unauthorized remote code execution. See the Rapid7 blog for more details.
CVE-2025-53120 is a critical path traversal vulnerability in Securden Unified PAM versions 9.0.0–11.3.1, allowing attackers to upload and execute malicious files, potentially leading to remote code execution.
If you are using Securden Unified PAM versions 9.0.0 through 11.3.1, you are potentially affected by this vulnerability. Upgrade to version 11.3.2 or later to mitigate the risk.
The recommended fix is to upgrade to Securden Unified PAM version 11.3.2 or later. Temporary workarounds include restricting file upload permissions and implementing strict input validation.
While no public exploits are currently available, the ease of exploitation suggests a high probability of exploitation. Monitor your systems closely for suspicious activity.
Please refer to the Securden website and security advisories for the latest information and official guidance regarding CVE-2025-53120.