CVE-2025-24502

EUVD-2025-3736
Improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| symantec | CNA | 5.3 MEDIUM | ADJACENT | LOW | NONE | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
EPSS Score Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| broadcom | symantec_privileged_access_management | 3.4.6 | CNA |
| broadcom | symantec_privileged_access_management | 4.1.0 ≤ x ≤ 4.1.8 | CNA |
| broadcom | symantec_privileged_access_management | 4.2.0 | CNA |