Remote Access Vulnerability in Securden’s Unified PAM Product
CVE-2025-6737

7.2HIGH

Key Information:

Vendor: Securden
Status: Unified Pam
Vendor: CVE Published:; 25 August 2025

What is CVE-2025-6737?

A vulnerability in Securden's Unified PAM product allows a malicious actor to exploit shared infrastructure and access tokens between multiple tenants. This could lead to unauthorized access to the gateway server with low-privilege permissions, posing significant security risks. Organizations using this product should promptly investigate and implement mitigation measures to safeguard their data.

Affected Version(s)

Unified PAM 9.0.* < 11.3.1

References

https://www.rapid7.com/blog/post/securden-unified-pam-mul...

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2025
Vulnerability Reserved
Jun 26, 2025

Credit

Aaron Herndon, Principal Security Consultant, and Marcus Chang, Security Consultant, both of Rapid7.