CVE-2025-24503

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.

CVSS

No CVSS.

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362

Configurations

No configuration.

History

05 Feb 2025, 05:15

Type	Values Removed	Values Added
References	~~{'url': 'https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678', 'source': 'secure@symantec.com'}~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362 -
Summary		(es) Un actor malintencionado puede arreglar la sesión de un usuario PAM engañando al usuario para que haga clic en un enlace manipulado especial al servidor PAM.

30 Jan 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-384

30 Jan 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-30 19:15

Updated : 2025-02-05 05:15

NVD link : CVE-2025-24503

Mitre link : CVE-2025-24503

CVE.ORG link : CVE-2025-24503

JSON object : View

Products Affected

No product.

CWE

CWE-384

Session Fixation

{"id": "CVE-2025-24503", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "secure@symantec.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.3, "automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-01-30T19:15:16.453", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362", "source": "secure@symantec.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server."}, {"lang": "es", "value": "Un actor malintencionado puede arreglar la sesi\u00f3n de un usuario PAM enga\u00f1ando al usuario para que haga clic en un enlace manipulado especial al servidor PAM."}], "lastModified": "2025-02-05T05:15:11.430", "sourceIdentifier": "secure@symantec.com"}