CVE-2025-24503
Description
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-24503? +
How do I check if I'm vulnerable to CVE-2025-24503? +
Related Vulnerabilities
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized …
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could …
Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from …
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same …