CVE-2025-6737
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: Rapid7, Inc.
Description
Description
Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| securden | unified_pam | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1391 | The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Securden's Unified PAM Remote Vendor Gateway access portal allows a malicious actor to obtain authentication material and access the gateway server with low-privilege permissions because the portal shares infrastructure and access tokens across multiple tenants.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain unauthorized access to the gateway server, potentially compromising the security of multiple tenants by using stolen authentication tokens, leading to unauthorized access and potential data exposure.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70