Warning: Critical vulnerabilities in Securden’s Unified PAM, Patch Immediately!

Published: 27/08/2025

Last update: 27/08/2025

Affected products:
Securden Unified PAM - versions 9.0.x through 11.3.1

Type:
CWE-306 Missing Authentication for Critical Function
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1391 Use of Weak Credentials

CVE/CVSS:
CVE-2025-53118, CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
CVE-2025-53119, CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVE-2025-53120, CVSS 9.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
CVE-2025-6737, CVSS 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

Sources

NVD - CVE-2025-53118 - https://nvd.nist.gov/vuln/detail/CVE-2025-53118
NVD - CVE-2025-53119 - https://nvd.nist.gov/vuln/detail/CVE-2025-53119
NVD - CVE-2025-53120 - https://nvd.nist.gov/vuln/detail/CVE-2025-53120
NVD - CVE-2025-6737 - https://nvd.nist.gov/vuln/detail/CVE-2025-6737

Risks

Securden Unified PAM is a privileged access management tool that manages credentials, remote access, and session recording for administrative accounts. The recently disclosed vulnerabilities allow unauthenticated attackers to bypass authentication, execute remote code, and steal credentials on the system. These vulnerabilities impact all aspects of the CIA triad, Confidentiality, Integrity, and Availability.

Description

CVE-2025-53118, CVSS 9.4
CWE-306 Missing Authentication for Critical Function
An attacker can bypass authentication by abusing insecure session cookies and unprotected API endpoints. In this way the actor can trigger backup processes to download credential files, leading to theft of credentials, secrets, and session tokens.

CVE-2025-53119, CVSS 7.5
CWE-434 Unrestricted Upload of File with Dangerous Type
Due to a lack of both authentication and file type validation on the server's web recordings directory API endpoint, an unauthenticated attacker can upload a file of any type to the server.

CVE-2025-53120, CVSS 9.4
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A file name containing path traversal sequences is not restricted to the intended directory, so arbitrary files on the server can be overwritten. In combination with CVE-2025-53119, this can lead to remote code execution: the attacker uploads a malicious file through the unauthenticated recordings endpoint (CVE-2025-53119) and uses path traversal (CVE-2025-53120) to overwrite an existing file that the application executes.
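The upload-plus-traversal chain described above is a generic CWE-434/CWE-22 pattern. The following is an added example written for this advisory; it is not Securden code and does not reproduce the actual vulnerable endpoint. It shows a minimal upload handler that trusts the client-supplied file name beside a hardened version that requires an authenticated session, allowlists file types, rejects any name that is not a plain file name, verifies the resolved path stays inside the recordings directory, and refuses to overwrite existing files. The function names, the recordings directory, the allowed suffixes and the sample uploads are assumptions made for illustration.

```python
"""Added example (not Securden code): vulnerable vs. hardened recording upload."""
import os
import re
import tempfile
from pathlib import Path

# Assumption: the recordings the endpoint is meant to accept use these formats.
ALLOWED_SUFFIXES = {".webm", ".mp4"}
# A plain file name: no path separators, no NUL bytes, no control characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,128}$")


def vulnerable_save(recordings_dir: str, filename: str, data: bytes) -> str:
    """Unauthenticated, unvalidated upload: the client controls the destination,
    so a name such as '../app.py' escapes recordings_dir (CWE-22) and any
    content of any type is written (CWE-434)."""
    dest = os.path.join(recordings_dir, filename)  # raw join of user input
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:  # silently overwrites whatever is there
        fh.write(data)
    return os.path.abspath(dest)


def hardened_save(recordings_dir: str, filename: str, data: bytes,
                  authenticated: bool) -> str:
    """Same operation with the missing controls added."""
    if not authenticated:  # CWE-306: the endpoint must require a session
        raise PermissionError("upload requires an authenticated session")

    # 1. Only a plain file name is acceptable; '.' and '..' match the regex
    #    but are directory references, so reject them explicitly.
    if not SAFE_NAME.fullmatch(filename) or filename in {".", ".."}:
        raise ValueError("invalid file name")

    # 2. Allowlist the expected file types (CWE-434).
    if Path(filename).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("file type not allowed")

    # 3. Resolve symlinks and confirm the target is directly under the base
    #    directory (CWE-22). This also catches a symlink planted inside it.
    base = Path(recordings_dir).resolve()
    dest = (base / filename).resolve()
    if dest.parent != base:
        raise ValueError("path escapes recordings directory")

    # 4. Create-only with O_EXCL: an upload can never replace an existing file.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return str(dest)


def demo() -> dict:
    """Constructed scenario: a temporary web root with a recordings/ subdirectory."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        rec = os.path.join(root, "recordings")
        os.makedirs(rec)
        traversal = "../overwritten.py"  # constructed attacker-supplied name

        # Vulnerable handler: the "recording" lands one level above recordings/.
        written = vulnerable_save(rec, traversal, b"print('pwned')")
        out["vulnerable_escaped"] = os.path.dirname(written) == os.path.abspath(root)

        def rejected_with(**kw):
            try:
                hardened_save(rec, data=b"x", authenticated=True, **kw)
            except (ValueError, PermissionError) as exc:
                return type(exc).__name__
            return None

        out["traversal_rejected"] = rejected_with(filename=traversal) == "ValueError"
        out["bad_type_rejected"] = rejected_with(filename="shell.py") == "ValueError"
        out["dotdot_rejected"] = rejected_with(filename="..") == "ValueError"
        try:
            hardened_save(rec, "s1.webm", b"x", authenticated=False)
            out["unauth_rejected"] = False
        except PermissionError:
            out["unauth_rejected"] = True

        good = hardened_save(rec, "session1.webm", b"\x1a\x45\xdf\xa3", authenticated=True)
        out["good_stored_in_dir"] = Path(good).parent == Path(rec).resolve()
        try:  # a second upload with the same name must not overwrite the first
            hardened_save(rec, "session1.webm", b"x", authenticated=True)
            out["no_overwrite"] = False
        except FileExistsError:
            out["no_overwrite"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the name is validated before it is ever joined to a path, the resolved path is compared against the resolved base (not a string prefix, which `/srv/recordings-old` would defeat), and creation uses `O_EXCL` so that even a name that passes every filter cannot replace a file the application already relies on.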

CVE-2025-6737, CVSS 7.2
CWE-1391: Use of Weak Credentials
Securden’s remote vendor portal uses shared SSH credentials across customers to create reverse tunnels. An attacker with access to one deployment can potentially connect to and leverage infrastructure used by other customers.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable installations with the highest priority after thorough testing. The aforementioned vulnerabilities are patched in version 11.4.4 or higher.

Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Securden PAM - https://www.securden.com/privileged-account-manager/index.html

Rapid7 Blog - https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/