Platform
other
Component
securden-unified-pam
Fixed version
11.3.2
CVE-2025-53118 describes a critical authentication bypass vulnerability affecting Securden Unified PAM versions 9.0.0 through 11.3.1. This flaw allows an unauthenticated attacker to gain control over administrator backup functions, leading to the potential exposure of sensitive data. The vulnerability has been resolved in version 11.3.2, and users are strongly advised to upgrade immediately.
The impact of this vulnerability is severe. An attacker exploiting CVE-2025-53118 can bypass authentication and directly manipulate administrator backup processes within Securden Unified PAM. This allows them to access and exfiltrate sensitive information, including stored passwords, secrets, and application session tokens. Successful exploitation could lead to complete compromise of the system and the applications relying on Unified PAM for authentication. The ability to control backup functions also provides a pathway for data destruction or modification, significantly expanding the potential damage.
CVE-2025-53118 was publicly disclosed on 2025-08-25. The vulnerability's severity (CVSS 9.8) indicates a high probability of exploitation. As of this writing, no public proof-of-concept (PoC) code has been released, but the ease of exploitation described in the advisory suggests that a PoC is likely to emerge. It is not currently listed in the CISA KEV catalog, but its critical severity warrants close monitoring.
Organizations utilizing Securden Unified PAM for centralized authentication, particularly those with legacy configurations or shared hosting environments, are at significant risk. Environments where administrator backup functions are frequently accessed over the network are especially vulnerable.
Disclosure
Exploitation status
EPSS
27.98% (96th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-53118 is to upgrade Securden Unified PAM to version 11.3.2 or later. If immediate upgrade is not feasible, consider implementing temporary workarounds. Restrict network access to the Unified PAM server to only authorized personnel and systems. Implement strict firewall rules to limit inbound connections. Monitor system logs for suspicious activity, particularly related to backup operations. While not a direct fix, these measures can reduce the attack surface and potentially detect exploitation attempts. After upgrading, confirm the fix by attempting to trigger a backup function without authentication and verifying that access is denied.
Upgrade Securden Unified PAM to a version later than 11.3.1 to fix the authentication bypass vulnerability. This will prevent unauthenticated attackers from accessing administrator backup functions and compromising passwords, secrets, and application session tokens.
CVE-2025-53118 is a critical vulnerability in Securden Unified PAM versions 9.0.0–11.3.1 that allows an unauthenticated attacker to bypass authentication and control administrator backup functions, potentially compromising sensitive data.
If you are running Securden Unified PAM versions 9.0.0 through 11.3.1, you are potentially affected by this vulnerability. Upgrade to version 11.3.2 or later to mitigate the risk.
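The affected range is stated as 9.0.0 through 11.3.1 with the fix in 11.3.2, and the usual mistake when triaging an inventory against such a range is to compare version strings lexicographically (which would rank 11.3.10 below 11.3.2). The following script is an added example, not Securden tooling; it classifies each host's installed version as affected, fixed, or older than the range the advisory names. The hostnames and version strings in the sample inventory are constructed.

```python
"""Classify Securden Unified PAM versions against the CVE-2025-53118 range.
Added example, not Securden's own code; sample inventory below is constructed."""

# Range boundaries as stated in the advisory.
AFFECTED_MIN = "9.0.0"
AFFECTED_MAX = "11.3.1"
FIXED_VERSION = "11.3.2"


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of ints so that ordering is
    numeric per component (11.3.10 > 11.3.2), not lexicographic."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1. Shorter tuples are zero-padded so 11.3 == 11.3.0."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def classify(version: str) -> str:
    """Map an installed version to one of three outcomes:
    'affected' : 9.0.0 <= version <= 11.3.1, upgrade to 11.3.2 or later
    'fixed'    : version >= 11.3.2
    'outside'  : older than 9.0.0, i.e. not in the range the advisory names
    """
    if compare(version, AFFECTED_MIN) < 0:
        return "outside"
    if compare(version, AFFECTED_MAX) <= 0:
        return "affected"
    return "fixed"


def triage(inventory: dict) -> dict:
    """Classify every host in an inventory mapping host -> installed version."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory for illustration; hostnames and versions are made up.
    sample = {
        "pam-prod-01": "11.3.1",   # last affected release
        "pam-prod-02": "11.3.2",   # fixed release
        "pam-lab": "9.0.0",        # first affected release
        "pam-old": "8.9.5",        # older than the stated range
        "pam-new": "11.3.10",      # would sort wrongly as a plain string
    }
    for host, status in triage(sample).items():
        print(f"{host:12} {sample[host]:8} {status}")
```

Hosts reported as "outside" are older than the range the advisory lists and should still be reviewed against vendor guidance rather than assumed safe; the script only encodes what this page states.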
The recommended fix is to upgrade Securden Unified PAM to version 11.3.2 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting network access and monitoring system logs.
While no public proof-of-concept code has been released, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation. Monitor your systems closely.
Please refer to the Securden website and security advisories for the official announcement and detailed information regarding CVE-2025-53118.