CVE-2025-53120 · CRITICAL 9.4 · EPSS p94.4%


Description

A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.

Scoring

CVSS 3.1: 9.4 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS: 8.63% probability of exploitation · percentile 94.4% · 2026-06-19T12:03:05Z
Published: 2025-08-25
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-22

References

  1. https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/


Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-53118
CVE: CVE-2025-59171
CVE: CVE-2025-62630
CVE: CVE-2025-54769
CVE: CVE-2025-41735
CVE: CVE-2026-2701

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.