Search criteria
72 vulnerabilities found for secure_access by absolute
FKIE_CVE-2025-54089
Vulnerability from fkie_nvd - Published: 2025-10-02 21:16 - Updated: 2025-10-16 18:21
Severity ?
Summary
CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrator’s access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C71B0A-C4A4-421F-A1B4-0CCD7FECEBF1",
"versionEndExcluding": "14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator\u2019s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity."
}
],
"id": "CVE-2025-54089",
"lastModified": "2025-10-16T18:21:03.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-10-02T21:16:00.860",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-54088
Vulnerability from fkie_nvd - Published: 2025-10-02 21:16 - Updated: 2025-10-16 18:22
Severity ?
Summary
CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C71B0A-C4A4-421F-A1B4-0CCD7FECEBF1",
"versionEndExcluding": "14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-54088 is an open-redirect vulnerability in Secure\nAccess prior to version 14.10. Attackers with access to the console can\nredirect victims to an arbitrary URL. The attack complexity is low, attack\nrequirements are present, no privileges are required, and users must actively\nparticipate in the attack. Impact to confidentiality is low and there is no\nimpact to integrity or availability. There are high severity impacts to\nconfidentiality, integrity, availability in subsequent systems."
}
],
"id": "CVE-2025-54088",
"lastModified": "2025-10-16T18:22:01.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-10-02T21:16:00.740",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54088"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-54087
Vulnerability from fkie_nvd - Published: 2025-10-02 20:15 - Updated: 2025-10-16 18:22
Severity ?
Summary
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C71B0A-C4A4-421F-A1B4-0CCD7FECEBF1",
"versionEndExcluding": "14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-54087 is a server-side request forgery\nvulnerability in Secure Access prior to version 14.10. Attackers with\nadministrative privileges can publish a crafted test HTTP request originating\nfrom the Secure Access server. The attack complexity is high, there are no\nattack requirements, and user interaction is required. There is no direct\nimpact to confidentiality, integrity, or availability. There is a low severity\nsubsequent system impact to integrity."
}
],
"id": "CVE-2025-54087",
"lastModified": "2025-10-16T18:22:43.163",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-10-02T20:15:32.830",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-54086
Vulnerability from fkie_nvd - Published: 2025-10-02 20:15 - Updated: 2025-10-16 18:23
Severity ?
Summary
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C71B0A-C4A4-421F-A1B4-0CCD7FECEBF1",
"versionEndExcluding": "14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."
}
],
"id": "CVE-2025-54086",
"lastModified": "2025-10-16T18:23:17.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-10-02T20:15:32.680",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49084
Vulnerability from fkie_nvd - Published: 2025-07-31 00:15 - Updated: 2025-08-05 20:16
Severity ?
Summary
CVE-2025-49084 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access can overwrite policy rules without the requisite permissions. The attack
complexity is low, attack requirements are present, privileges required are
high and no user interaction is required. There is no impact to
confidentiality, the impact to integrity is low, and there is no impact to
availability. The impact to confidentiality and availability of subsequent systems
is high and the impact to the integrity of subsequent systems is low.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A96BA84-1837-40DA-B7BB-F77EB3FBFAE5",
"versionEndExcluding": "13.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-49084 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess can overwrite policy rules without the requisite permissions. The attack\ncomplexity is low, attack requirements are present, privileges required are\nhigh and no user interaction is required. There is no impact to\nconfidentiality, the impact to integrity is low, and there is no impact to\navailability. The impact to confidentiality and availability of subsequent systems\nis high and the impact to the integrity of subsequent systems is low."
},
{
"lang": "es",
"value": "CVE-2025-49084 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access anterior a la versi\u00f3n 13.56. Los atacantes con acceso administrativo pueden sobrescribir las reglas de pol\u00edtica sin los permisos necesarios. La complejidad del ataque es baja, existen requisitos de ataque, se requieren muchos privilegios y no se requiere interacci\u00f3n del usuario. No hay impacto en la confidencialidad, la integridad ni la disponibilidad. El impacto en la confidencialidad y la disponibilidad de los sistemas posteriores es alto, al igual que en la integridad de estos."
}
],
"id": "CVE-2025-49084",
"lastModified": "2025-08-05T20:16:26.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-07-31T00:15:27.113",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49084"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-54085
Vulnerability from fkie_nvd - Published: 2025-07-31 00:15 - Updated: 2025-08-05 20:03
Severity ?
Summary
CVE-2025-54085 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read or change other settings. The
attack complexity is low, there are no preexisting attack requirements; the
privileges required are high, and there is no user interaction required. The
impact to system confidentiality and integrity is low, there is no impact to
system availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A96BA84-1837-40DA-B7BB-F77EB3FBFAE5",
"versionEndExcluding": "13.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability."
},
{
"lang": "es",
"value": "CVE-2025-54085 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access anterior a la versi\u00f3n 13.56. Los atacantes con acceso administrativo a la consola y con ciertos permisos asignados pueden eludirlos para leer o modificar incorrectamente otras configuraciones. La complejidad del ataque es baja, no existen requisitos previos; se requieren privilegios altos y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad e integridad del sistema es bajo y no afecta a su disponibilidad."
}
],
"id": "CVE-2025-54085",
"lastModified": "2025-08-05T20:03:18.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-07-31T00:15:27.290",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49082
Vulnerability from fkie_nvd - Published: 2025-07-31 00:15 - Updated: 2025-08-05 20:16
Severity ?
Summary
CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A96BA84-1837-40DA-B7BB-F77EB3FBFAE5",
"versionEndExcluding": "13.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-49082 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read other settings. The attack\ncomplexity is low, there are no preexisting attack requirements; the privileges\nrequired are high, and there is no user interaction required. The impact to\nsystem confidentiality is low, there is no impact to system availability or\nintegrity."
},
{
"lang": "es",
"value": "CVE-2025-49082 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access anterior a la versi\u00f3n 13.56. Los atacantes con acceso administrativo a la consola y con ciertos permisos asignados pueden eludirlos para leer indebidamente otras configuraciones. La complejidad del ataque es baja, no existen requisitos previos; se requieren privilegios altos y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad del sistema es bajo y no afecta a la disponibilidad ni a la integridad del sistema."
}
],
"id": "CVE-2025-49082",
"lastModified": "2025-08-05T20:16:11.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-07-31T00:15:26.783",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49083
Vulnerability from fkie_nvd - Published: 2025-07-31 00:15 - Updated: 2025-08-05 20:16
Severity ?
Summary
CVE-2025-49083 is a vulnerability in the management console
of Absolute Secure Access after version 12.00 and prior to version 13.56.
Attackers with administrative access to the console can cause unsafe content to
be deserialized and executed in the security context of the console. The attack
complexity is low and there are no attack requirements. Privileges required are
high and there is no user interaction required. The impact to confidentiality
is low, impact to integrity is high and there is no impact to availability. The
impact to the confidentiality and integrity of subsequent systems is low and
there is no subsequent system impact to availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13CFE16F-998E-4CB2-9707-9B0DC14F37DB",
"versionEndExcluding": "13.56",
"versionStartIncluding": "12.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CVE-2025-49083 is a vulnerability in the management console\nof Absolute Secure Access after version 12.00 and prior to version 13.56.\nAttackers with administrative access to the console can cause unsafe content to\nbe deserialized and executed in the security context of the console. The attack\ncomplexity is low and there are no attack requirements. Privileges required are\nhigh and there is no user interaction required. The impact to confidentiality\nis low, impact to integrity is high and there is no impact to availability. The\nimpact to the confidentiality and integrity of subsequent systems is low and\nthere is no subsequent system impact to availability."
},
{
"lang": "es",
"value": "CVE-2025-49083 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access (versi\u00f3n posterior a la 12.00 y anterior a la 13.56). Los atacantes con acceso administrativo a la consola pueden provocar la deserializaci\u00f3n y ejecuci\u00f3n de contenido inseguro en el contexto de seguridad de la consola. La complejidad del ataque es baja y no requiere ning\u00fan tipo de intervenci\u00f3n. Se requieren privilegios elevados y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad es bajo, el impacto en la integridad es alto y no hay impacto en la disponibilidad. El impacto en la confidencialidad e integridad de los sistemas posteriores es bajo y no hay impacto posterior en la disponibilidad del sistema."
}
],
"id": "CVE-2025-49083",
"lastModified": "2025-08-05T20:16:17.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-07-31T00:15:26.957",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49083"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49081
Vulnerability from fkie_nvd - Published: 2025-06-12 18:15 - Updated: 2025-06-17 20:32
Severity ?
Summary
There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63EA8711-5040-41D3-BA83-0BF6B7C6821E",
"versionEndExcluding": "13.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de validaci\u00f3n de entrada insuficiente en el componente de almac\u00e9n de Absolute Secure Access anterior a la versi\u00f3n de servidor 13.55. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de la interfaz administrativa de Secure Access escribiendo datos no v\u00e1lidos en el almac\u00e9n a trav\u00e9s de la red. La complejidad del ataque es baja, no requiere ataques, se requieren privilegios elevados y no se requiere interacci\u00f3n del usuario. No afecta a la confidencialidad ni a la integridad; el impacto en la disponibilidad es alto."
}
],
"id": "CVE-2025-49081",
"lastModified": "2025-06-17T20:32:38.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-06-12T18:15:20.853",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49080
Vulnerability from fkie_nvd - Published: 2025-06-12 17:15 - Updated: 2025-06-23 14:09
Severity ?
Summary
There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| absolute | secure_access | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBA6CCF-7369-459B-9B71-5ADFCA00EFB1",
"versionEndIncluding": "13.54",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a memory management vulnerability in Absolute\nSecure Access server versions 9.0 to 13.54. Attackers with network access to\nthe server can cause a Denial of Service by sending a specially crafted\nsequence of packets to the server. The attack complexity is low, there are no\nattack requirements, privileges, or user interaction required. Loss of\navailability is high; there is no impact on confidentiality or integrity."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de gesti\u00f3n de memoria en las versiones 9.0 a 13.54 del servidor Absolute Secure Access. Los atacantes con acceso de red al servidor pueden provocar una denegaci\u00f3n de servicio (DPS) mediante el env\u00edo de una secuencia de paquetes especialmente manipulada. La complejidad del ataque es baja; no requiere requisitos de ataque, privilegios ni interacci\u00f3n del usuario. La p\u00e9rdida de disponibilidad es alta; no afecta a la confidencialidad ni a la integridad."
}
],
"id": "CVE-2025-49080",
"lastModified": "2025-06-23T14:09:31.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "SecurityResponse@netmotionsoftware.com",
"type": "Secondary"
}
]
},
"published": "2025-06-12T17:15:29.193",
"references": [
{
"source": "SecurityResponse@netmotionsoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49080"
}
],
"sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-762"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-54089 (GCVE-0-2025-54089)
Vulnerability from cvelistv5 – Published: 2025-10-02 20:15 – Updated: 2025-10-03 14:59
VLAI?
Summary
CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrator’s access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 14.10
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T14:59:41.891024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T14:59:45.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "14.10",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator\u2019s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "CVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator\u2019s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T20:15:09.464Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting vulnerability in Secure Access prior to 14.10",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54089",
"datePublished": "2025-10-02T20:15:09.464Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-03T14:59:45.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54088 (GCVE-0-2025-54088)
Vulnerability from cvelistv5 – Published: 2025-10-02 20:10 – Updated: 2025-10-07 19:26
VLAI?
Summary
CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < <14.10
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T19:26:12.951361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T19:26:28.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "\u003c14.10",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54088 is an open-redirect vulnerability in Secure\nAccess prior to version 14.10. Attackers with access to the console can\nredirect victims to an arbitrary URL. The attack complexity is low, attack\nrequirements are present, no privileges are required, and users must actively\nparticipate in the attack. Impact to confidentiality is low and there is no\nimpact to integrity or availability. There are high severity impacts to\nconfidentiality, integrity, availability in subsequent systems.\u003c/p\u003e"
}
],
"value": "CVE-2025-54088 is an open-redirect vulnerability in Secure\nAccess prior to version 14.10. Attackers with access to the console can\nredirect victims to an arbitrary URL. The attack complexity is low, attack\nrequirements are present, no privileges are required, and users must actively\nparticipate in the attack. Impact to confidentiality is low and there is no\nimpact to integrity or availability. There are high severity impacts to\nconfidentiality, integrity, availability in subsequent systems."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T20:10:52.425Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54088"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open Redirect in Secure Access prior to 14.10",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54088",
"datePublished": "2025-10-02T20:10:52.425Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-07T19:26:28.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54087 (GCVE-0-2025-54087)
Vulnerability from cvelistv5 – Published: 2025-10-02 20:05 – Updated: 2025-10-07 19:27
VLAI?
Summary
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < <14.10
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T19:26:49.025936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T19:27:01.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Consile",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "\u003c14.10",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54087 is a server-side request forgery\nvulnerability in Secure Access prior to version 14.10. Attackers with\nadministrative privileges can publish a crafted test HTTP request originating\nfrom the Secure Access server. The attack complexity is high, there are no\nattack requirements, and user interaction is required. There is no direct\nimpact to confidentiality, integrity, or availability. There is a low severity\nsubsequent system impact to integrity. \u003c/p\u003e"
}
],
"value": "CVE-2025-54087 is a server-side request forgery\nvulnerability in Secure Access prior to version 14.10. Attackers with\nadministrative privileges can publish a crafted test HTTP request originating\nfrom the Secure Access server. The attack complexity is high, there are no\nattack requirements, and user interaction is required. There is no direct\nimpact to confidentiality, integrity, or availability. There is a low severity\nsubsequent system impact to integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T20:05:38.092Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-side request forgery in Secure Access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54087",
"datePublished": "2025-10-02T20:05:38.092Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-07T19:27:01.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54086 (GCVE-0-2025-54086)
Vulnerability from cvelistv5 – Published: 2025-10-02 19:56 – Updated: 2025-10-06 18:35
VLAI?
Summary
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < <14.10
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T18:35:11.272236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T18:35:14.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Warehouse",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "\u003c14.10",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability. \u003c/p\u003e"
}
],
"value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T19:56:37.373Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Excess Permissions in Warehouse",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54086",
"datePublished": "2025-10-02T19:56:37.373Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-06T18:35:14.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49082 (GCVE-0-2025-49082)
Vulnerability from cvelistv5 – Published: 2025-07-30 23:45 – Updated: 2025-07-31 13:30
VLAI?
Summary
CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 13.56
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:28:59.442075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:30:00.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Console",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-49082 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read other settings. The attack\ncomplexity is low, there are no preexisting attack requirements; the privileges\nrequired are high, and there is no user interaction required. The impact to\nsystem confidentiality is low, there is no impact to system availability or\nintegrity. \u003c/p\u003e"
}
],
"value": "CVE-2025-49082 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read other settings. The attack\ncomplexity is low, there are no preexisting attack requirements; the privileges\nrequired are high, and there is no user interaction required. The impact to\nsystem confidentiality is low, there is no impact to system availability or\nintegrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:45:30.677Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49082",
"datePublished": "2025-07-30T23:45:30.677Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-07-31T13:30:00.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54085 (GCVE-0-2025-54085)
Vulnerability from cvelistv5 – Published: 2025-07-30 23:40 – Updated: 2025-07-31 13:31
VLAI?
Summary
CVE-2025-54085 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read or change other settings. The
attack complexity is low, there are no preexisting attack requirements; the
privileges required are high, and there is no user interaction required. The
impact to system confidentiality and integrity is low, there is no impact to
system availability.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 13.56
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:30:40.243410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:31:58.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Console",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability. \u003c/p\u003e"
}
],
"value": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:40:28.441Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54085",
"datePublished": "2025-07-30T23:40:28.441Z",
"dateReserved": "2025-07-16T17:10:03.452Z",
"dateUpdated": "2025-07-31T13:31:58.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49084 (GCVE-0-2025-49084)
Vulnerability from cvelistv5 – Published: 2025-07-30 23:36 – Updated: 2025-07-31 13:33
VLAI?
Summary
CVE-2025-49084 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access can overwrite policy rules without the requisite permissions. The attack
complexity is low, attack requirements are present, privileges required are
high and no user interaction is required. There is no impact to
confidentiality, the impact to integrity is low, and there is no impact to
availability. The impact to confidentiality and availability of subsequent systems
is high and the impact to the integrity of subsequent systems is low.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolutee Security | Secure Access |
Affected:
0 , < 13.56
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:33:22.873986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:33:49.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Console",
"product": "Secure Access",
"vendor": "Absolutee Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-49084 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess can overwrite policy rules without the requisite permissions. The attack\ncomplexity is low, attack requirements are present, privileges required are\nhigh and no user interaction is required. There is no impact to\nconfidentiality, the impact to integrity is low, and there is no impact to\navailability. The impact to confidentiality and availability of subsequent systems\nis high and the impact to the integrity of subsequent systems is low. \u003c/p\u003e"
}
],
"value": "CVE-2025-49084 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess can overwrite policy rules without the requisite permissions. The attack\ncomplexity is low, attack requirements are present, privileges required are\nhigh and no user interaction is required. There is no impact to\nconfidentiality, the impact to integrity is low, and there is no impact to\navailability. The impact to confidentiality and availability of subsequent systems\nis high and the impact to the integrity of subsequent systems is low."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:36:17.426Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49084"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49084",
"datePublished": "2025-07-30T23:36:17.426Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-07-31T13:33:49.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49083 (GCVE-0-2025-49083)
Vulnerability from cvelistv5 – Published: 2025-07-30 23:30 – Updated: 2025-07-31 13:37
VLAI?
Summary
CVE-2025-49083 is a vulnerability in the management console
of Absolute Secure Access after version 12.00 and prior to version 13.56.
Attackers with administrative access to the console can cause unsafe content to
be deserialized and executed in the security context of the console. The attack
complexity is low and there are no attack requirements. Privileges required are
high and there is no user interaction required. The impact to confidentiality
is low, impact to integrity is high and there is no impact to availability. The
impact to the confidentiality and integrity of subsequent systems is low and
there is no subsequent system impact to availability.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
12.00 , < 13.56
(Server Version)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:35:20.525138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:37:21.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "12.00",
"versionType": "Server Version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-49083 is a vulnerability in the management console\nof Absolute Secure Access after version 12.00 and prior to version 13.56.\nAttackers with administrative access to the console can cause unsafe content to\nbe deserialized and executed in the security context of the console. The attack\ncomplexity is low and there are no attack requirements. Privileges required are\nhigh and there is no user interaction required. The impact to confidentiality\nis low, impact to integrity is high and there is no impact to availability. The\nimpact to the confidentiality and integrity of subsequent systems is low and\nthere is no subsequent system impact to availability. \u003c/p\u003e"
}
],
"value": "CVE-2025-49083 is a vulnerability in the management console\nof Absolute Secure Access after version 12.00 and prior to version 13.56.\nAttackers with administrative access to the console can cause unsafe content to\nbe deserialized and executed in the security context of the console. The attack\ncomplexity is low and there are no attack requirements. Privileges required are\nhigh and there is no user interaction required. The impact to confidentiality\nis low, impact to integrity is high and there is no impact to availability. The\nimpact to the confidentiality and integrity of subsequent systems is low and\nthere is no subsequent system impact to availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:30:52.664Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49083"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Data deserialization vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49083",
"datePublished": "2025-07-30T23:30:52.664Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-07-31T13:37:21.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49081 (GCVE-0-2025-49081)
Vulnerability from cvelistv5 – Published: 2025-06-12 17:25 – Updated: 2025-06-12 17:59
VLAI?
Summary
There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 13.55
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T17:58:19.597138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T17:59:46.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Warehouse",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.55",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh.\u003c/p\u003e"
}
],
"value": "There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T17:25:47.812Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Input validation vulnerability in the Secure Access prior to version 13.55",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49081",
"datePublished": "2025-06-12T17:25:47.812Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-06-12T17:59:46.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49080 (GCVE-0-2025-49080)
Vulnerability from cvelistv5 – Published: 2025-06-12 17:08 – Updated: 2025-06-17 18:17
VLAI?
Summary
There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.
Severity ?
CWE
- CWE-762 - Mismatched Memory Management Routines
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
9.0 , < 13.54
(Server Version)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T17:12:45.895406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-762",
"description": "CWE-762 Mismatched Memory Management Routines",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:17:08.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Secure Access Server",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.54",
"status": "affected",
"version": "9.0",
"versionType": "Server Version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a memory management vulnerability in Absolute\nSecure Access server versions 9.0 to 13.54. Attackers with network access to\nthe server can cause a Denial of Service by sending a specially crafted\nsequence of packets to the server. The attack complexity is low, there are no\nattack requirements, privileges, or user interaction required. Loss of\navailability is high; there is no impact on confidentiality or integrity.\u003c/p\u003e"
}
],
"value": "There is a memory management vulnerability in Absolute\nSecure Access server versions 9.0 to 13.54. Attackers with network access to\nthe server can cause a Denial of Service by sending a specially crafted\nsequence of packets to the server. The attack complexity is low, there are no\nattack requirements, privileges, or user interaction required. Loss of\navailability is high; there is no impact on confidentiality or integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T17:08:50.086Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49080"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49080",
"datePublished": "2025-06-12T17:08:50.086Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-06-17T18:17:08.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54089 (GCVE-0-2025-54089)
Vulnerability from nvd – Published: 2025-10-02 20:15 – Updated: 2025-10-03 14:59
VLAI?
Summary
CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrator’s access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 14.10
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T14:59:41.891024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T14:59:45.131Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "14.10",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator\u2019s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "CVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator\u2019s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T20:15:09.464Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting vulnerability in Secure Access prior to 14.10",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54089",
"datePublished": "2025-10-02T20:15:09.464Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-03T14:59:45.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54088 (GCVE-0-2025-54088)
Vulnerability from nvd – Published: 2025-10-02 20:10 – Updated: 2025-10-07 19:26
VLAI?
Summary
CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.
Severity ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < <14.10
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T19:26:12.951361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T19:26:28.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "\u003c14.10",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54088 is an open-redirect vulnerability in Secure\nAccess prior to version 14.10. Attackers with access to the console can\nredirect victims to an arbitrary URL. The attack complexity is low, attack\nrequirements are present, no privileges are required, and users must actively\nparticipate in the attack. Impact to confidentiality is low and there is no\nimpact to integrity or availability. There are high severity impacts to\nconfidentiality, integrity, availability in subsequent systems.\u003c/p\u003e"
}
],
"value": "CVE-2025-54088 is an open-redirect vulnerability in Secure\nAccess prior to version 14.10. Attackers with access to the console can\nredirect victims to an arbitrary URL. The attack complexity is low, attack\nrequirements are present, no privileges are required, and users must actively\nparticipate in the attack. Impact to confidentiality is low and there is no\nimpact to integrity or availability. There are high severity impacts to\nconfidentiality, integrity, availability in subsequent systems."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T20:10:52.425Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54088"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Open Redirect in Secure Access prior to 14.10",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54088",
"datePublished": "2025-10-02T20:10:52.425Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-07T19:26:28.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54087 (GCVE-0-2025-54087)
Vulnerability from nvd – Published: 2025-10-02 20:05 – Updated: 2025-10-07 19:27
VLAI?
Summary
CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < <14.10
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T19:26:49.025936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T19:27:01.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Consile",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "\u003c14.10",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54087 is a server-side request forgery\nvulnerability in Secure Access prior to version 14.10. Attackers with\nadministrative privileges can publish a crafted test HTTP request originating\nfrom the Secure Access server. The attack complexity is high, there are no\nattack requirements, and user interaction is required. There is no direct\nimpact to confidentiality, integrity, or availability. There is a low severity\nsubsequent system impact to integrity. \u003c/p\u003e"
}
],
"value": "CVE-2025-54087 is a server-side request forgery\nvulnerability in Secure Access prior to version 14.10. Attackers with\nadministrative privileges can publish a crafted test HTTP request originating\nfrom the Secure Access server. The attack complexity is high, there are no\nattack requirements, and user interaction is required. There is no direct\nimpact to confidentiality, integrity, or availability. There is a low severity\nsubsequent system impact to integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T20:05:38.092Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-side request forgery in Secure Access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54087",
"datePublished": "2025-10-02T20:05:38.092Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-07T19:27:01.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54086 (GCVE-0-2025-54086)
Vulnerability from nvd – Published: 2025-10-02 19:56 – Updated: 2025-10-06 18:35
VLAI?
Summary
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < <14.10
(server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T18:35:11.272236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T18:35:14.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Warehouse",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "\u003c14.10",
"status": "affected",
"version": "0",
"versionType": "server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability. \u003c/p\u003e"
}
],
"value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T19:56:37.373Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Excess Permissions in Warehouse",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54086",
"datePublished": "2025-10-02T19:56:37.373Z",
"dateReserved": "2025-07-16T17:10:03.453Z",
"dateUpdated": "2025-10-06T18:35:14.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49082 (GCVE-0-2025-49082)
Vulnerability from nvd – Published: 2025-07-30 23:45 – Updated: 2025-07-31 13:30
VLAI?
Summary
CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 13.56
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:28:59.442075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:30:00.892Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Console",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-49082 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read other settings. The attack\ncomplexity is low, there are no preexisting attack requirements; the privileges\nrequired are high, and there is no user interaction required. The impact to\nsystem confidentiality is low, there is no impact to system availability or\nintegrity. \u003c/p\u003e"
}
],
"value": "CVE-2025-49082 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read other settings. The attack\ncomplexity is low, there are no preexisting attack requirements; the privileges\nrequired are high, and there is no user interaction required. The impact to\nsystem confidentiality is low, there is no impact to system availability or\nintegrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:45:30.677Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49082",
"datePublished": "2025-07-30T23:45:30.677Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-07-31T13:30:00.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54085 (GCVE-0-2025-54085)
Vulnerability from nvd – Published: 2025-07-30 23:40 – Updated: 2025-07-31 13:31
VLAI?
Summary
CVE-2025-54085 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read or change other settings. The
attack complexity is low, there are no preexisting attack requirements; the
privileges required are high, and there is no user interaction required. The
impact to system confidentiality and integrity is low, there is no impact to
system availability.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 13.56
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:30:40.243410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:31:58.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Console",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability. \u003c/p\u003e"
}
],
"value": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:40:28.441Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-54085",
"datePublished": "2025-07-30T23:40:28.441Z",
"dateReserved": "2025-07-16T17:10:03.452Z",
"dateUpdated": "2025-07-31T13:31:58.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49084 (GCVE-0-2025-49084)
Vulnerability from nvd – Published: 2025-07-30 23:36 – Updated: 2025-07-31 13:33
VLAI?
Summary
CVE-2025-49084 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access can overwrite policy rules without the requisite permissions. The attack
complexity is low, attack requirements are present, privileges required are
high and no user interaction is required. There is no impact to
confidentiality, the impact to integrity is low, and there is no impact to
availability. The impact to confidentiality and availability of subsequent systems
is high and the impact to the integrity of subsequent systems is low.
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolutee Security | Secure Access |
Affected:
0 , < 13.56
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:33:22.873986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:33:49.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Administrative Console",
"product": "Secure Access",
"vendor": "Absolutee Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-49084 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess can overwrite policy rules without the requisite permissions. The attack\ncomplexity is low, attack requirements are present, privileges required are\nhigh and no user interaction is required. There is no impact to\nconfidentiality, the impact to integrity is low, and there is no impact to\navailability. The impact to confidentiality and availability of subsequent systems\nis high and the impact to the integrity of subsequent systems is low. \u003c/p\u003e"
}
],
"value": "CVE-2025-49084 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess can overwrite policy rules without the requisite permissions. The attack\ncomplexity is low, attack requirements are present, privileges required are\nhigh and no user interaction is required. There is no impact to\nconfidentiality, the impact to integrity is low, and there is no impact to\navailability. The impact to confidentiality and availability of subsequent systems\nis high and the impact to the integrity of subsequent systems is low."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:36:17.426Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49084"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49084",
"datePublished": "2025-07-30T23:36:17.426Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-07-31T13:33:49.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49083 (GCVE-0-2025-49083)
Vulnerability from nvd – Published: 2025-07-30 23:30 – Updated: 2025-07-31 13:37
VLAI?
Summary
CVE-2025-49083 is a vulnerability in the management console
of Absolute Secure Access after version 12.00 and prior to version 13.56.
Attackers with administrative access to the console can cause unsafe content to
be deserialized and executed in the security context of the console. The attack
complexity is low and there are no attack requirements. Privileges required are
high and there is no user interaction required. The impact to confidentiality
is low, impact to integrity is high and there is no impact to availability. The
impact to the confidentiality and integrity of subsequent systems is low and
there is no subsequent system impact to availability.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
12.00 , < 13.56
(Server Version)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49083",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T13:35:20.525138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T13:37:21.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.56",
"status": "affected",
"version": "12.00",
"versionType": "Server Version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCVE-2025-49083 is a vulnerability in the management console\nof Absolute Secure Access after version 12.00 and prior to version 13.56.\nAttackers with administrative access to the console can cause unsafe content to\nbe deserialized and executed in the security context of the console. The attack\ncomplexity is low and there are no attack requirements. Privileges required are\nhigh and there is no user interaction required. The impact to confidentiality\nis low, impact to integrity is high and there is no impact to availability. The\nimpact to the confidentiality and integrity of subsequent systems is low and\nthere is no subsequent system impact to availability. \u003c/p\u003e"
}
],
"value": "CVE-2025-49083 is a vulnerability in the management console\nof Absolute Secure Access after version 12.00 and prior to version 13.56.\nAttackers with administrative access to the console can cause unsafe content to\nbe deserialized and executed in the security context of the console. The attack\ncomplexity is low and there are no attack requirements. Privileges required are\nhigh and there is no user interaction required. The impact to confidentiality\nis low, impact to integrity is high and there is no impact to availability. The\nimpact to the confidentiality and integrity of subsequent systems is low and\nthere is no subsequent system impact to availability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T23:30:52.664Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49083"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Data deserialization vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49083",
"datePublished": "2025-07-30T23:30:52.664Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-07-31T13:37:21.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49081 (GCVE-0-2025-49081)
Vulnerability from nvd – Published: 2025-06-12 17:25 – Updated: 2025-06-12 17:59
VLAI?
Summary
There is an insufficient input validation vulnerability in the warehouse
component of Absolute Secure Access prior to server version 13.55. Attackers
with system administrator permissions can impair the availability of the Secure
Access administrative UI by writing invalid data to the warehouse over the
network. The attack complexity is low, there are no attack requirements,
privileges required are high, and there is no user interaction required. There
is no impact on confidentiality or integrity; the impact on availability is
high.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
0 , < 13.55
(Server)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T17:58:19.597138Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T17:59:46.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Warehouse",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.55",
"status": "affected",
"version": "0",
"versionType": "Server"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh.\u003c/p\u003e"
}
],
"value": "There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T17:25:47.812Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Input validation vulnerability in the Secure Access prior to version 13.55",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49081",
"datePublished": "2025-06-12T17:25:47.812Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-06-12T17:59:46.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49080 (GCVE-0-2025-49080)
Vulnerability from nvd – Published: 2025-06-12 17:08 – Updated: 2025-06-17 18:17
VLAI?
Summary
There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.
Severity ?
CWE
- CWE-762 - Mismatched Memory Management Routines
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Absolute Security | Secure Access |
Affected:
9.0 , < 13.54
(Server Version)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T17:12:45.895406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-762",
"description": "CWE-762 Mismatched Memory Management Routines",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:17:08.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Secure Access Server",
"product": "Secure Access",
"vendor": "Absolute Security",
"versions": [
{
"lessThan": "13.54",
"status": "affected",
"version": "9.0",
"versionType": "Server Version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a memory management vulnerability in Absolute\nSecure Access server versions 9.0 to 13.54. Attackers with network access to\nthe server can cause a Denial of Service by sending a specially crafted\nsequence of packets to the server. The attack complexity is low, there are no\nattack requirements, privileges, or user interaction required. Loss of\navailability is high; there is no impact on confidentiality or integrity.\u003c/p\u003e"
}
],
"value": "There is a memory management vulnerability in Absolute\nSecure Access server versions 9.0 to 13.54. Attackers with network access to\nthe server can cause a Denial of Service by sending a specially crafted\nsequence of packets to the server. The attack complexity is low, there are no\nattack requirements, privileges, or user interaction required. Loss of\navailability is high; there is no impact on confidentiality or integrity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T17:08:50.086Z",
"orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"shortName": "Absolute"
},
"references": [
{
"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49080"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
"assignerShortName": "Absolute",
"cveId": "CVE-2025-49080",
"datePublished": "2025-06-12T17:08:50.086Z",
"dateReserved": "2025-05-30T18:23:44.238Z",
"dateUpdated": "2025-06-17T18:17:08.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}