CVE-2025-53118

Securden Unified PAM Authentication Bypass

Basic Information

CVE State: PUBLISHED
Reserved Date: June 26, 2025
Published Date: August 25, 2025
Last Updated: August 25, 2025
Vendor: Securden
Product: Unified PAM
Description: An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: poc
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-11-11 00:00:00 UTC) Source

References

https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-11-11 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53118.yaml	2026-06-01 15:34:42 UTC

Timeline

CVE ID Reserved

June 26, 2025
CVE Published to Public

August 25, 2025
Added to KEVIntel

November 11, 2025
Detected by Nuclei

June 01, 2026