
The flaws, three of which allow complete authentication bypass and remote code execution, impact versions 9.0.x through 11.3.1. A patch has been issued in version 11.4.4.
Authentication Bypass and Remote Code Execution
The most severe issue, CVE-2025-53118 (CVSS 9.4), is an authentication bypass that abuses the /thirdparty-access flow.
By requesting a session cookie and CSRF token without providing valid credentials, attackers can access multiple API endpoints that incorrectly validate only the presence of cookies, not actual authorization.
Rapid7 demonstrated exploitation by abusing the /configure_schedule API to trigger full credential and database backups.
Where a “superadmin” is enabled, an attacker could extract encrypted password archives; if disabled, attackers could instead trigger complete database dumps containing valid user session cookies, enabling account impersonation.
Session hijacking and NTLMv2 credential relay attacks are also possible because the database backups can be exfiltrated to external SMB shares.
Two additional vulnerabilities expose the server to unauthenticated remote code execution (RCE):
- CVE-2025-53119 (CVSS 7.5) – Unrestricted file upload flaw in /accountapp/upload_web_recordings_from_api_server, which allows uploading of arbitrary files without login.
- CVE-2025-53120 (CVSS 9.4) – Path traversal in file upload, enabling overwriting of scripts in privileged directories. By overwriting the default postgresBackup.bat with malicious PowerShell payloads, attackers can chain this with CVE-2025-53118 to reliably execute OS-level commands.
Testing confirmed these vulnerabilities were not reproducible on v9.0.1, but could be exploited in v11.1.x deployments.
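The two request patterns described above (unauthenticated use of the /thirdparty-access session material against /configure_schedule, and traversal strings in uploads to /accountapp/upload_web_recordings_from_api_server) can be hunted for in web server access logs. The detector below is an added example, not code from the article, Rapid7 or Securden; it assumes a generic combined-log format, a hypothetical /login path marking a real credential check, and a hypothetical "file" query parameter carrying the upload name, since the article does not describe Securden's actual log format or request syntax.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in a generic combined-log format (assumption: not
# Securden's real format). The "?file=" parameter is hypothetical and only
# carries a traversal string for the demonstration.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2025:10:00:01 +0000] "GET /thirdparty-access HTTP/1.1" 200 512
10.0.0.5 - - [01/Sep/2025:10:00:03 +0000] "POST /configure_schedule HTTP/1.1" 200 88
10.0.0.9 - - [01/Sep/2025:10:01:00 +0000] "POST /accountapp/upload_web_recordings_from_api_server?file=..%2F..%2FpostgresBackup.bat HTTP/1.1" 200 12
10.0.0.7 - - [01/Sep/2025:10:02:00 +0000] "POST /login HTTP/1.1" 302 0
10.0.0.7 - - [01/Sep/2025:10:02:30 +0000] "POST /configure_schedule HTTP/1.1" 200 88
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
UPLOAD = "/accountapp/upload_web_recordings_from_api_server"
TRAVERSAL = re.compile(r"\.\./|\.\.\\")  # "../" or "..\" after URL-decoding

def parse(log_text):
    """Yield (client, method, url, status) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))

def detect(log_text):
    """Return findings as (client, cve, reason) tuples, in log order."""
    findings = []
    # Per-client state: saw /thirdparty-access, and saw a (hypothetical) /login since.
    state = defaultdict(lambda: {"tp": False, "login": False})
    for client, method, url, status in parse(log_text):
        path = url.split("?", 1)[0]
        s = state[client]
        if path == "/thirdparty-access":
            s["tp"], s["login"] = True, False  # unauthenticated cookie/CSRF material issued
        elif path == "/login":
            s["login"] = True                   # a real credential check occurred
        elif path == "/configure_schedule" and s["tp"] and not s["login"]:
            findings.append((client, "CVE-2025-53118",
                             "configure_schedule after thirdparty-access with no login"))
        if path == UPLOAD:
            decoded = unquote(url)
            if TRAVERSAL.search(decoded) or "postgresBackup.bat" in decoded:
                findings.append((client, "CVE-2025-53120",
                                 "path traversal in web recording upload"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

Running it on the constructed log flags 10.0.0.5 for the authentication-bypass sequence and 10.0.0.9 for the traversal upload, while 10.0.0.7, which authenticated first, is not reported.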
Shared Infrastructure Risks
The fourth vulnerability, CVE-2025-6737 (CVSS 7.2), highlights tenant isolation weaknesses. Rapid7 observed that Securden’s Vendor Access Portal relies on shared SSH infrastructure and standard authentication material across instances.
This design allows low-privileged access to Securden’s gateway, raising concerns of cross-tenant exploitation if attackers gained visibility within the environment.
Remediation and Vendor Response
Securden confirmed the issues and released version 11.4.4 to remediate all four vulnerabilities. CEO Bala Venkatramani emphasized that customer security remains the company’s top priority and credited Rapid7 for responsible disclosure.
Organizations using Securden Unified PAM 9.0.x through 11.3.1 are urged to upgrade immediately. Rapid7 has also released InsightVM and Nexpose checks to help enterprises detect vulnerable installations.
Given Securden Unified PAM’s role as a credential broker and session manager, these flaws represent a high-value attack vector, with exploitation enabling attackers to harvest credentials, impersonate admins, and achieve persistent access to critical systems.
The post Critical Flaw in Securden Unified PAM Enables Authentication Bypass appeared first on Cyber Security News.
