CVE-2025-53118

Critical

Published: 25 August 2025
Modified: 15 April 2026
KEV Added: not currently listed
Patch: available from the vendor
CVSS Score (v3.1): 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.3491 (97.1st percentile)
Risk Priority: 41 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-53118 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Securden Unified PAM. Its CVSS 3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.9% of all CVEs by EPSS exploit likelihood, but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

An authentication bypass vulnerability, tracked as CVE-2025-53118 and classified as CWE-306, affects Securden Unified PAM. The flaw lets an unauthenticated attacker control administrator backup functions, exposing the passwords, secrets, and application session tokens the product stores. It carries a CVSS 3.1 base score of 9.8, reflecting a network attack vector, low attack complexity, no required privileges or user interaction, and high impact to confidentiality, integrity, and availability.

An unauthenticated remote attacker can access and manipulate backup operations, which amounts to full compromise of the credential material held by the product. Because no authentication is required and the attack is launched over the network, anyone who can reach the PAM's web interface can immediately steal or misuse administrator-level secrets and tokens. Since a PAM holds credentials for many downstream systems, the practical blast radius is every system whose secrets it stores, not only the PAM host itself.

The referenced Rapid7 advisory details multiple critical vulnerabilities in Securden Unified PAM that the vendor addressed through patches. Organizations should apply the available fixes promptly to restore authentication controls around backup functionality and, where exposure of an unpatched instance cannot be ruled out, rotate the secrets that instance holds. The EPSS score currently stands at 0.3491, with a peak of 0.3715, which places it in the 97th percentile of scored CVEs.
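To make the CWE-306 pattern concrete, here is an added example, not Securden's code or anything from the Rapid7 advisory, of an administrator backup endpoint modelled in plain Python. The endpoint path, the bearer-token session store, the vault contents and the role names are all assumptions for illustration. The vulnerable handler dispatches on the URL alone, so anyone who can reach it gets the export; the hardened handler first identifies the caller (the IA-2 step) and then enforces that only an administrator may run the export (the AC-3 step), failing closed before any backup work is done.

```python
"""Model of CWE-306 (missing authentication for a critical function) on an
admin backup endpoint, with the hardened form beside it.

Added example, not Securden Unified PAM code: the endpoint path, token
scheme, session store and vault contents are assumptions for illustration.
"""
import hmac
from dataclasses import dataclass, field

# Constructed sample data standing in for what a PAM backup would export.
VAULT = {
    "passwords": {"db-admin": "s3cr3t-pw"},
    "session_tokens": {"alice": "tok-9f1c"},
}

# Constructed session store: bearer token -> (user, role). Assumed scheme.
SESSIONS = {
    "tok-admin": ("alice", "admin"),
    "tok-user": ("bob", "user"),
}

BACKUP_PATH = "/admin/backup/export"   # hypothetical endpoint name


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: object = None


def backup_export():
    """The critical function: returns everything the vault holds."""
    return dict(VAULT)


def handle_backup_vulnerable(req: Request) -> Response:
    """CWE-306 pattern: routes on the path alone and never asks who the
    caller is, so any network peer can run the backup export."""
    if req.path == BACKUP_PATH:
        return Response(200, backup_export())
    return Response(404)


def authenticate(req: Request):
    """IA-2 step: map the presented bearer token to a known principal, or
    None. compare_digest keeps each token comparison constant-time."""
    token = req.headers.get("Authorization", "").removeprefix("Bearer ").strip()
    for known, principal in SESSIONS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return principal
    return None


def handle_backup_fixed(req: Request) -> Response:
    """Hardened form: identify the caller (IA-2), then enforce that only an
    administrator may run the export (AC-3), before any backup work happens."""
    if req.path != BACKUP_PATH:
        return Response(404)
    principal = authenticate(req)
    if principal is None:
        return Response(401)        # no identity: fail closed
    _user, role = principal
    if role != "admin":
        return Response(403)        # identified but not authorized
    return Response(200, backup_export())


def probe(handler) -> dict:
    """Status code each caller class receives from a handler."""
    cases = {
        "no_auth": Request(BACKUP_PATH),
        "user": Request(BACKUP_PATH, {"Authorization": "Bearer tok-user"}),
        "admin": Request(BACKUP_PATH, {"Authorization": "Bearer tok-admin"}),
    }
    return {name: handler(req).status for name, req in cases.items()}


if __name__ == "__main__":
    print("vulnerable:", probe(handle_backup_vulnerable))
    print("fixed:     ", probe(handle_backup_fixed))
```

probe() returns the status each caller class receives from a handler; running the module prints both tables. The point the numbers make is that "logged in" is not enough: the authenticated non-admin still gets 403 from the fixed handler, which is the authorization check AC-3 covers and which a bare login check would miss. When auditing a real deployment, the equivalent test is to request the backup endpoint with no session at all and confirm the response is a 401, not a 200 carrying vault data.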

Vulnerability details

An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.

CWE(s)

CWE-306 Missing Authentication for Critical Function

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials · Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The authentication bypass sits in a network-exposed PAM interface, so the initial access maps to T1190. The payoff of controlling the backup functions is the credential material in the backups and the application session tokens, which maps to T1552.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2017-20217 (shared CWE-306)
CVE-2026-3323 (shared CWE-306)
CVE-2025-21515 (shared CWE-306)
CVE-2025-57432 (shared CWE-306)
CVE-2026-27446 (shared CWE-306)
CVE-2026-34472 (shared CWE-306)
CVE-2026-21446 (shared CWE-306)
CVE-2021-47891 (shared CWE-306)
CVE-2025-41715 (shared CWE-306)
CVE-2026-24790 (shared CWE-306)

Affected Assets

Securden Unified PAM (vendor patches available; see Deeper analysis)

Mitigating Controls (NIST 800-53 r5)

prevent
Directly mitigates CVE-2025-53118 by requiring timely identification, reporting, and correction of the authentication bypass flaw through patching.

IA-2 Identification and Authentication (Organizational Users) · prevent
Requires robust identification and authentication for organizational users, preventing unauthenticated access to administrator backup functions in the PAM system.

AC-3 Access Enforcement · prevent
Enforces approved authorizations for access to sensitive backup controls, so that an identified user still cannot reach backup functions without an administrator authorization, countering the authentication bypass vulnerability.
