CVE-2025-53120
Published: 25 August 2025
Summary
CVE-2025-53120 is a critical-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A path traversal vulnerability exists in the unauthenticated upload functionality of Securden Unified PAM, tracked as CVE-2025-53120 with CWE-22. The flaw allows directory traversal during file uploads that reach the server's configuration and web root directories.
Unauthenticated remote attackers can exploit the issue over the network with low attack complexity to upload arbitrary binaries and scripts, achieving remote code execution on the Unified PAM server. The vulnerability is rated 9.4 under CVSS 3.1.
The Rapid7 advisory covering this CVE and related issues in Securden Unified PAM states that patches have been released to address the flaws and urges customers to apply updates promptly. The EPSS score remains flat at 0.0204 with no material rise observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-25723
Vulnerability details
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in unauthenticated upload to web root directly enables web shell placement and RCE against a public-facing PAM server.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the path traversal vulnerability by requiring identification, reporting, and correction of flaws through vendor patches as detailed in the Rapid7 advisory.
Validates and sanitizes unauthenticated upload inputs to block path traversal attempts targeting configuration and web root directories.
Restricts information inputs for upload functionality to approved file types, sizes, and destinations, preventing placement of executables in sensitive server directories.