CVE-2025-24502

CVSS 5.3 MEDIUMEPSS 0.2%CWE-384

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Broadcom · Symantec Privileged Access Management

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25362