CVE-2025-24501 MEDIUM

CVE-2025-24501

Vendor Broadcom

Product Symantec Privileged Access Management

Weakness CWE-20 · Input validation

Published January 30, 2025

Last update February 12, 2025

CVSS base score

5.3/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

What the vulnerability does

01Description

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.

Key dates

January 30, 2025 CVE published

February 12, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-24501

CWE CWE-20

CVSS 5.3 / MEDIUM

Vendor Broadcom

Product Symantec Privileged Access Management

Affected 3.4.6

Vendor Broadcom

Product Symantec Privileged Access Management

Affected ≥ 4.1.0 and ≤ 4.1.8

Vendor Broadcom

Product Symantec Privileged Access Management

Affected 4.2.0