WARNING: CVE-2025-24503 ALLOWS A MALICIOUS ACTOR TO FIX THE SESSION OF A SYMANTEC PRIVILEGED ACCESS MANAGEMENT USER BY TRICKING THEM INTO CLICKING A SPECIALLY CRAFTED LINK, PATCH IMMEDIATELY!

Published: 31/01/2025

Reference:
Advisory #2025-25

Version:
1.0

Affected software:
Symantec Privileged Access Manager prior to v4.2.1.

Type:
Session fixation

CVE/CVSS:
CVE-2025-24503: 9.3 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

Broadcom: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-2-1/release-information/Resolved-Issues-in-4-2-1.html

Risks

Successful exploitation of this vulnerability could result in unauthorized access to the user’s session, potentially leading to severe consequences such as privilege escalation or complete system compromise.

This vulnerability has a significant impact on confidentiality, integrity, and availability.

There is currently no evidence of this vulnerability being actively exploited, nor are there any proof-of-concept exploits available at this time.

Description

A malicious actor can exploit this vulnerability by crafting a specially designed link and tricking a PAM (Privileged Access Management) user into clicking it.

This link would target the PAM server and "fix" the session of the user.

In session fixation attacks, the attacker can manipulate the session ID before the user logs in, allowing the attacker to hijack the session after the user authenticates.
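
The mechanism described above, shown as an added example (not Symantec PAM code and not part of the advisory): a toy session store that compares keeping a pre-login session ID with rotating it at authentication. The class, method names, user name and planted ID are all constructed for illustration.

```python
import secrets


class SessionStore:
    """Toy in-memory session store (constructed for illustration)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session ID -> authenticated user, None before login

    def visit(self, presented_sid=None):
        """Pre-login request; returns the session ID the client will use."""
        if self.rotate_on_login:
            # Hardened: only IDs this server issued itself are accepted.
            if presented_sid in self.sessions:
                return presented_sid
            sid = secrets.token_urlsafe(32)
        else:
            # Vulnerable: an ID carried in by a link is adopted as-is.
            sid = presented_sid or secrets.token_urlsafe(32)
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, sid, user):
        """Authenticate `user`; returns the session ID valid after login."""
        if self.rotate_on_login:
            # Hardened: invalidate the pre-login ID and issue a fresh one.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        """User bound to this session ID, or None."""
        return self.sessions.get(sid)


def fixed_id_survives_login(store, planted_sid="constructed-fixed-id"):
    """True if an ID known before login is still authenticated after it."""
    sid = store.visit(planted_sid)
    store.login(sid, "alice")
    return store.whoami(planted_sid) == "alice"
```

Rotation at login is the decisive control: even a pre-login ID that the server legitimately issued stops being valid once the user authenticates.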

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24503