CVE-2025-6737 | THREATINT

Description

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.

PUBLISHED Reserved 2025-06-26 | Published 2025-08-25 | Updated 2025-08-25 | Assigner rapid7

HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-1391: Use of Weak Credentials

Product status

Default status

unaffected

9.0.* before 11.3.1

affected

Credits

Aaron Herndon, Principal Security Consultant, and Marcus Chang, Security Consultant, both of Rapid7. finder

References

www.rapid7.com/...m-multiple-critical-vulnerabilities-fixed/ third-party-advisory

cve.org (CVE-2025-6737)

nvd.nist.gov (CVE-2025-6737)

Download JSON