
CVE-2025-53120

Critical

Published: 25 August 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: available (vendor updates, per the Rapid7 advisory)
CVSS v3.1 Score: 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0204 (84.2nd percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-53120 is a critical-severity path traversal (CWE-22) vulnerability in Securden Unified PAM with a CVSS v3.1 base score of 9.4.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.8% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST SP 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-53120 is a path traversal weakness (CWE-22) in the unauthenticated upload functionality of Securden Unified PAM. The upload handler does not confine the destination path to its intended directory, so a filename carrying traversal segments can place the uploaded file in the server's configuration directory or web root instead.

Because the endpoint requires no authentication, a remote attacker can exploit it over the network with low attack complexity, uploading arbitrary binaries or scripts and achieving remote code execution on the Unified PAM server. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L) scores 9.4: network-reachable, no privileges or user interaction required, high confidentiality and integrity impact, low availability impact.
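To make the mechanism concrete, the following added example (not Securden code, and not taken from the Rapid7 advisory) shows an upload handler that builds its destination path the vulnerable way beside a hardened version that rejects traversal and proves containment. The directory layout, the extension allow-list, the function names and the sample filenames are assumptions constructed for this illustration.

```python
"""Path traversal in a file-upload handler: vulnerable form beside a hardened form.

Added example, not Securden code. The directory layout, allow-list, function
names and sample filenames are assumptions constructed for this illustration.
"""
import os

UPLOAD_ROOT = "/srv/pam/uploads"                # assumed intended destination
ALLOWED_EXTENSIONS = {".pdf", ".png", ".csv"}   # assumed allow-list of inert types


def vulnerable_target_path(filename: str) -> str:
    """Vulnerable: joins the client-supplied name onto UPLOAD_ROOT unchecked.

    os.path.join keeps '..' segments and normpath then resolves them, so a name
    such as '../../www/shell.jsp' lands outside UPLOAD_ROOT, in the web root.
    """
    return os.path.normpath(os.path.join(UPLOAD_ROOT, filename))


def is_within(root: str, candidate: str) -> bool:
    """True only if candidate, after canonicalisation, lies inside root."""
    root_real = os.path.realpath(root)
    cand_real = os.path.realpath(candidate)
    return os.path.commonpath([root_real, cand_real]) == root_real


def safe_target_path(filename: str) -> str:
    """Hardened: reject separators, allow-list the extension, then prove containment.

    Raises ValueError on any traversal attempt or disallowed file type. The web
    framework is assumed to have URL-decoded the filename already.
    """
    if not filename or filename in (".", "..") or "\x00" in filename:
        raise ValueError("invalid filename")
    # A client-supplied name must be a leaf; any separator is a traversal attempt.
    # Backslashes are rejected too so the check stays correct on Windows hosts.
    if "/" in filename or "\\" in filename:
        raise ValueError("filename must be a plain leaf name")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"disallowed extension {ext!r}")
    candidate = os.path.join(UPLOAD_ROOT, filename)
    # Defence in depth: even if a check above were bypassed, refuse anything that
    # canonicalises to a location outside the upload root.
    if not is_within(UPLOAD_ROOT, candidate):
        raise ValueError("path escapes upload root")
    return candidate


def classify(filenames):
    """Run each name through both handlers and report where each would write."""
    results = {}
    for name in filenames:
        vulnerable = vulnerable_target_path(name)
        try:
            safe_target_path(name)
            verdict = "accepted"
        except ValueError as exc:
            verdict = f"rejected: {exc}"
        results[name] = {
            "vulnerable_writes_to": vulnerable,
            "vulnerable_escapes_root": not is_within(UPLOAD_ROOT, vulnerable),
            "hardened": verdict,
        }
    return results


if __name__ == "__main__":
    # Constructed inputs, including the web-root traversal the advisory describes.
    samples = ["report.pdf", "../../www/shell.jsp", "..\\..\\www\\shell.aspx", "shell.jsp"]
    for name, outcome in classify(samples).items():
        print(f"{name!r:28} -> {outcome}")
```

The separator check is what stops the traversal; the containment check is defence in depth against a bypass or a misconfigured root; the extension allow-list is a secondary control, since the real fix is that an upload destination must never coincide with a directory the web server executes from. None of this replaces applying the vendor patch.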

The Rapid7 advisory covering this CVE and related issues in Securden Unified PAM states that patches have been released to address the flaws and urges customers to apply the updates promptly. The EPSS score has remained flat at 0.0204, with no material rise observed.


Vulnerability details

A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

An unauthenticated upload that traverses into the web root lets an attacker drop a web shell directly, giving both initial access and persistence on a public-facing PAM server.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
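The detection side of the two techniques above, added here as an example rather than taken from the advisory or any vendor product: it parses constructed combined-format access log lines for a hypothetical /upload endpoint, URL-decodes repeatedly so single- and double-encoded traversal sequences are caught, flags traversal in upload requests (T1190), and then flags later requests from the same source to script-like paths as possible web shell use (T1505.003). The endpoint path, log format and every log line are constructed.

```python
"""Log-based detection for traversal uploads and follow-on web shell use.

Added example; not from the Rapid7 advisory or any vendor product. The endpoint
path, the log format and every log line below are constructed for illustration.
"""
import re
from urllib.parse import unquote

UPLOAD_ENDPOINT = "/upload"  # assumed endpoint; the real path is not on the page
SCRIPT_EXTENSIONS = (".jsp", ".jspx", ".aspx", ".ashx", ".php", ".py", ".sh", ".exe", ".dll")

# Combined log format: client, identd, user, [timestamp], "METHOD PATH PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r'\.\.(?:/|$)')

# Constructed sample: one benign upload, three traversal attempts (plain,
# URL-encoded, double-encoded), a hit on the dropped script, and unrelated traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Aug/2025:10:01:02 +0000] "POST /upload?name=report.pdf HTTP/1.1" 200 51
203.0.113.9 - - [25/Aug/2025:10:01:05 +0000] "POST /upload?name=../../www/cmd.jsp HTTP/1.1" 200 51
203.0.113.9 - - [25/Aug/2025:10:01:06 +0000] "POST /upload?name=..%2f..%2fwww%2fcmd.jsp HTTP/1.1" 200 51
203.0.113.9 - - [25/Aug/2025:10:01:07 +0000] "POST /upload?name=%252e%252e%252fwww%252fcmd.jsp HTTP/1.1" 200 51
203.0.113.9 - - [25/Aug/2025:10:01:30 +0000] "GET /cmd.jsp?cmd=id HTTP/1.1" 200 88
198.51.100.4 - - [25/Aug/2025:10:02:00 +0000] "GET /login HTTP/1.1" 200 1200
"""


def normalize(path: str, rounds: int = 3) -> str:
    """URL-decode until stable (bounded), then fold backslashes to slashes.

    A single decode misses %252e%252e%252f; decoding until the text stops
    changing catches double (and triple) encoding without looping forever.
    """
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def analyze(log_text: str) -> list:
    """Return findings: traversal in upload requests, then script hits from the same source."""
    findings = []
    suspicious_sources = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, method, path, status = m["ip"], m["method"], m["path"], m["status"]
        decoded = normalize(path)
        if method == "POST" and decoded.startswith(UPLOAD_ENDPOINT) and TRAVERSAL_RE.search(decoded):
            findings.append({"ip": ip, "rule": "traversal_in_upload", "request": path,
                             "decoded": decoded, "status": status})
            suspicious_sources.add(ip)
        elif (method == "GET" and ip in suspicious_sources
              and decoded.split("?", 1)[0].lower().endswith(SCRIPT_EXTENSIONS)):
            # A source that attempted traversal now fetching a script-like path
            # is the pattern a freshly dropped web shell produces.
            findings.append({"ip": ip, "rule": "possible_webshell_use", "request": path,
                             "decoded": decoded, "status": status})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['rule']:24} {f['ip']:14} {f['request']}  -> {f['decoded']}")
```

Matching on the decoded form rather than the raw request line is the point: a rule that only looks for the literal string `../` misses the second and third attempts above. Pair this with a file-integrity baseline of the web root and configuration directories, since a successful upload is also a new or modified file there.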

CVEs Like This One

CVE-2025-1661 (shared CWE-22)
CVE-2026-33529 (shared CWE-22)
CVE-2026-9550 (shared CWE-22)
CVE-2024-44373 (shared CWE-22)
CVE-2019-25471 (shared CWE-22)
CVE-2024-11642 (shared CWE-22)
CVE-2025-67684 (shared CWE-22)
CVE-2025-41758 (shared CWE-22)
CVE-2025-12382 (shared CWE-22)
CVE-2025-54446 (shared CWE-22)

Affected Assets

Securden Unified PAM

Mitigating Controls (NIST SP 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the path traversal vulnerability by requiring identification, reporting, and correction of flaws through vendor patches, as detailed in the Rapid7 advisory.

SI-10 Information Input Validation (prevent)
Validates and sanitizes unauthenticated upload inputs to block path traversal attempts targeting configuration and web root directories.

Input restriction for upload functionality (prevent)
Restricts information inputs for upload functionality to approved file types, sizes, and destinations, preventing placement of executables in sensitive server directories.
