Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Unified PAM

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-6737
Assigner-Rapid7, Inc.
ShareView Details
Assigner-Rapid7, Inc.
CVSS Score-7.2||HIGH
EPSS-Not Assigned
Published-25 Aug, 2025 | 16:17
Updated-25 Aug, 2025 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Securden Unified PAM Shared SSH Key and Cloud Infrastructure

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.

Action-Not Available
Vendor-Securden
Product-Unified PAM
CWE ID-CWE-1391
Use of Weak Credentials
CVE-2025-53120
Assigner-Rapid7, Inc.
ShareView Details
Assigner-Rapid7, Inc.
CVSS Score-9.4||CRITICAL
EPSS-Not Assigned
Published-25 Aug, 2025 | 16:11
Updated-25 Aug, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Securden Unified PAM Path Traversal In File Upload

A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.

Action-Not Available
Vendor-Securden
Product-Unified PAM
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-53119
Assigner-Rapid7, Inc.
ShareView Details
Assigner-Rapid7, Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-25 Aug, 2025 | 16:09
Updated-25 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Securden Unified PAM Unauthenticated Unrestricted File Upload

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.

Action-Not Available
Vendor-Securden
Product-Unified PAM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-53118
Assigner-Rapid7, Inc.
ShareView Details
Assigner-Rapid7, Inc.
CVSS Score-9.8||CRITICAL
EPSS-Not Assigned
Published-25 Aug, 2025 | 16:06
Updated-25 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Securden Unified PAM Authentication Bypass

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.

Action-Not Available
Vendor-Securden
Product-Unified PAM
CWE ID-CWE-306
Missing Authentication for Critical Function