
Description

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.

PUBLISHED | Reserved 2025-06-26 | Published 2025-08-25 | Updated 2025-08-25 | Assigner rapid7

CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

9.0.*
affected

Credits

Aaron Herndon, Principal Security Consultant, and Marcus Chang, Security Consultant, both of Rapid7 (finder)

References

www.rapid7.com/...m-multiple-critical-vulnerabilities-fixed/ (third-party advisory)

cve.org (CVE-2025-53118)

nvd.nist.gov (CVE-2025-53118)
