Improper Input Validation in PAM Logs for Broadcom Products
CVE-2025-24501

5.3MEDIUM

Key Information:

Vendor

Broadcom

Vendor
CVE Published:
30 January 2025

What is CVE-2025-24501?

An improper input validation vulnerability exists in Broadcom's PAM product, allowing unauthenticated attackers to manipulate PAM logs by sending specifically crafted HTTP requests. This can lead to unauthorized access and integrity issues within the logging framework of vulnerable systems.

Affected Version(s)

Symantec Privileged Access Management 3.4.6

Symantec Privileged Access Management 3.4.6

Symantec Privileged Access Management 4.1.0 <= 4.1.8

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Stefan Grönke ([email protected])
.
CVE-2025-24501 : Improper Input Validation in PAM Logs for Broadcom Products