Session Fixation Vulnerability in PAM Server by Broadcom
CVE-2025-24503
Key Information:
- Vendor: Broadcom
- CVE Published: 30 January 2025
What is CVE-2025-24503?
A vulnerability exists in Broadcom's PAM server that allows a malicious actor to exploit session fixation techniques. By convincing a PAM user to engage with a specially crafted link, the attacker can establish control over the user's session. This could lead to unauthorized access and actions performed under the user's credentials, compromising the security of sensitive operations within the PAM environment. It is essential for users and administrators to implement robust security measures to mitigate this risk.
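The session-fixation condition described above, and the server-side fix (reject session ids the server did not issue, and issue a fresh id at login), shown as an added example; it is not Broadcom's code and does not reflect how the PAM server is implemented. `SessionStore`, `fixation_outcome` and the sample session id are hypothetical names and constructed values.

```python
import secrets


class SessionStore:
    """In-memory session table: session id -> authenticated user (None = anonymous)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}

    def open(self, client_sid=None):
        """Return the session id to use for a request that carried client_sid."""
        if client_sid in self.sessions:
            return client_sid
        if client_sid is not None and not self.hardened:
            # Weak behaviour: adopt an id the server never issued
            # (for example one carried in a link's query string).
            self.sessions[client_sid] = None
            return client_sid
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Bind user to the session; the hardened store issues a fresh id first."""
        if self.hardened:
            self.sessions.pop(sid, None)  # invalidate the pre-login id
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixation_outcome(hardened):
    """Who a pre-login id known to a third party resolves to after the user logs in."""
    store = SessionStore(hardened)
    known_sid = "constructed-sid-from-link"        # constructed sample value
    user_sid = store.open(client_sid=known_sid)    # user follows the crafted link
    store.login(user_sid, "pam-user")              # user authenticates
    return store.whoami(known_sid)


if __name__ == "__main__":
    print("weak store    :", fixation_outcome(False))
    print("hardened store:", fixation_outcome(True))
```

A regression test for this class of bug asserts that the session id presented before authentication no longer resolves to any user afterwards.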

Affected Version(s)
Symantec Privileged Access Management 3.4.6
Symantec Privileged Access Management 4.1.0 <= 4.1.8