CVE-2025-24502

Summary

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

Affected Software

VendorProductVersion RangeStatus
BroadcomSymantec Privileged Access Management3.4.6affected
BroadcomSymantec Privileged Access Management4.1.0 <= 4.1.8affected
BroadcomSymantec Privileged Access Management4.2.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References