Vulnerability-Lookup

CVE-2025-54085 (GCVE-0-2025-54085)

Vulnerability from cvelistv5 – Published: 2025-07-30 23:40 – Updated: 2025-07-31 13:31

Title

Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56

Summary

CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality and integrity is low, there is no impact to system availability.

Severity

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-276 - Incorrect Default Permissions

Assigner

Absolute

References

1 reference

URL	Tags
https://www.absolute.com/platform/security-inform…

Impacted products

1 product

Vendor	Product	Version
Absolute Security	Secure Access	Affected: 0 , < 13.56 (Server)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54085",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-31T13:30:40.243410Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "CWE-276 Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T13:31:58.019Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Administrative Console",
          "product": "Secure Access",
          "vendor": "Absolute Security",
          "versions": [
            {
              "lessThan": "13.56",
              "status": "affected",
              "version": "0",
              "versionType": "Server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability. \u003c/p\u003e"
            }
          ],
          "value": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T23:40:28.441Z",
        "orgId": "b6533044-ea05-4482-8458-7bddeca0d079",
        "shortName": "Absolute"
      },
      "references": [
        {
          "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079",
    "assignerShortName": "Absolute",
    "cveId": "CVE-2025-54085",
    "datePublished": "2025-07-30T23:40:28.441Z",
    "dateReserved": "2025-07-16T17:10:03.452Z",
    "dateUpdated": "2025-07-31T13:31:58.019Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-54085",
      "date": "2026-06-10",
      "epss": "0.00146",
      "percentile": "0.3482"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54085\",\"sourceIdentifier\":\"SecurityResponse@netmotionsoftware.com\",\"published\":\"2025-07-31T00:15:27.290\",\"lastModified\":\"2025-08-05T20:03:18.380\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CVE-2025-54085 is a vulnerability in the management console\\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\\naccess to the console and who have been assigned a certain set of permissions\\ncan bypass those permissions to improperly read or change other settings. The\\nattack complexity is low, there are no preexisting attack requirements; the\\nprivileges required are high, and there is no user interaction required. The\\nimpact to system confidentiality and integrity is low, there is no impact to\\nsystem availability.\"},{\"lang\":\"es\",\"value\":\"CVE-2025-54085 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access anterior a la versi\u00f3n 13.56. Los atacantes con acceso administrativo a la consola y con ciertos permisos asignados pueden eludirlos para leer o modificar incorrectamente otras configuraciones. La complejidad del ataque es baja, no existen requisitos previos; se requieren privilegios altos y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad e integridad del sistema es bajo y no afecta a su disponibilidad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"SecurityResponse@netmotionsoftware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.56\",\"matchCriteriaId\":\"5A96BA84-1837-40DA-B7BB-F77EB3FBFAE5\"}]}]}],\"references\":[{\"url\":\"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085\",\"source\":\"SecurityResponse@netmotionsoftware.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54085\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-31T13:30:40.243410Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"CWE-276 Incorrect Default Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-31T13:31:52.499Z\"}}], \"cna\": {\"title\": \"Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Absolute Security\", \"product\": \"Secure Access\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"13.56\", \"versionType\": \"Server\"}], \"packageName\": \"Administrative Console\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CVE-2025-54085 is a vulnerability in the management console\\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\\naccess to the console and who have been assigned a certain set of permissions\\ncan bypass those permissions to improperly read or change other settings. The\\nattack complexity is low, there are no preexisting attack requirements; the\\nprivileges required are high, and there is no user interaction required. The\\nimpact to system confidentiality and integrity is low, there is no impact to\\nsystem availability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eCVE-2025-54085 is a vulnerability in the management console\\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\\naccess to the console and who have been assigned a certain set of permissions\\ncan bypass those permissions to improperly read or change other settings. The\\nattack complexity is low, there are no preexisting attack requirements; the\\nprivileges required are high, and there is no user interaction required. The\\nimpact to system confidentiality and integrity is low, there is no impact to\\nsystem availability. \u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"b6533044-ea05-4482-8458-7bddeca0d079\", \"shortName\": \"Absolute\", \"dateUpdated\": \"2025-07-30T23:40:28.441Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54085\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-31T13:31:58.019Z\", \"dateReserved\": \"2025-07-16T17:10:03.452Z\", \"assignerOrgId\": \"b6533044-ea05-4482-8458-7bddeca0d079\", \"datePublished\": \"2025-07-30T23:40:28.441Z\", \"assignerShortName\": \"Absolute\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-54085

Vulnerability from fkie_nvd - Published: 2025-07-31 00:15 - Updated: 2025-08-05 20:03

Severity

3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Summary

References

	URL	Tags
	SecurityResponse@netmotionsoftware.com	https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085	Vendor Advisory

Impacted products

	Vendor	Product	Version
	absolute	secure_access	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A96BA84-1837-40DA-B7BB-F77EB3FBFAE5",
              "versionEndExcluding": "13.56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability."
    },
    {
      "lang": "es",
      "value": "CVE-2025-54085 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access anterior a la versi\u00f3n 13.56. Los atacantes con acceso administrativo a la consola y con ciertos permisos asignados pueden eludirlos para leer o modificar incorrectamente otras configuraciones. La complejidad del ataque es baja, no existen requisitos previos; se requieren privilegios altos y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad e integridad del sistema es bajo y no afecta a su disponibilidad."
    }
  ],
  "id": "CVE-2025-54085",
  "lastModified": "2025-08-05T20:03:18.380",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "SecurityResponse@netmotionsoftware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-31T00:15:27.290",
  "references": [
    {
      "source": "SecurityResponse@netmotionsoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085"
    }
  ],
  "sourceIdentifier": "SecurityResponse@netmotionsoftware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-P82V-F8G6-GH2J

Vulnerability from github – Published: 2025-07-31 00:31 – Updated: 2025-08-05 21:31

Details

Severity

3.8 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

5.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-54085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-31T00:15:27Z",
    "severity": "MODERATE"
  },
  "details": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability.",
  "id": "GHSA-p82v-f8g6-gh2j",
  "modified": "2025-08-05T21:31:27Z",
  "published": "2025-07-31T00:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54085"
    },
    {
      "type": "WEB",
      "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

WID-SEC-W-2025-1677

Vulnerability from csaf_certbund - Published: 2025-07-29 22:00 - Updated: 2025-07-30 22:00

Summary

Absolute Secure Access: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Absolute Secure Access ist eine Sicherheitslösung, die einen sicheren Netzwerkzugriff für Endgeräte ermöglicht, unabhängig von deren Standort.

Angriff: Ein entfernter authentisierter Angreifer mit hohen Privilegien kann mehrere Schwachstellen in Absolute Secure Access ausnutzen, um erhöhte Privilegien zu erlangen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.

Betroffene Betriebssysteme: - Sonstiges

CVE-2025-49082

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Absolute Secure Access <13.56 Absolute / Secure Access		<13.56

CVE-2025-49083

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Absolute Secure Access <13.56 Absolute / Secure Access		<13.56

CVE-2025-49084

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Absolute Secure Access <13.56 Absolute / Secure Access		<13.56

CVE-2025-54085

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Absolute Secure Access <13.56 Absolute / Secure Access		<13.56

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.absolute.com/platform/security-inform…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Absolute Secure Access ist eine Sicherheitsl\u00f6sung, die einen sicheren Netzwerkzugriff f\u00fcr Endger\u00e4te erm\u00f6glicht, unabh\u00e4ngig von deren Standort.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter authentisierter Angreifer mit hohen Privilegien kann mehrere Schwachstellen in Absolute Secure Access ausnutzen, um erh\u00f6hte Privilegien zu erlangen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1677 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1677.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1677 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1677"
      },
      {
        "category": "external",
        "summary": "Absolute Security Information vom 2025-07-29",
        "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1356"
      }
    ],
    "source_lang": "en-US",
    "title": "Absolute Secure Access: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-30T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-31T07:44:38.552+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1677",
      "initial_release_date": "2025-07-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-23216, EUVD-2025-23215, EUVD-2025-23214, EUVD-2025-23218"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c13.56",
                "product": {
                  "name": "Absolute Secure Access \u003c13.56",
                  "product_id": "T045748"
                }
              },
              {
                "category": "product_version",
                "name": "13.56",
                "product": {
                  "name": "Absolute Secure Access 13.56",
                  "product_id": "T045748-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:absolute:secure_access:13.56"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Access"
          }
        ],
        "category": "vendor",
        "name": "Absolute"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-49082",
      "product_status": {
        "known_affected": [
          "T045748"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-49082"
    },
    {
      "cve": "CVE-2025-49083",
      "product_status": {
        "known_affected": [
          "T045748"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-49083"
    },
    {
      "cve": "CVE-2025-49084",
      "product_status": {
        "known_affected": [
          "T045748"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-49084"
    },
    {
      "cve": "CVE-2025-54085",
      "product_status": {
        "known_affected": [
          "T045748"
        ]
      },
      "release_date": "2025-07-29T22:00:00.000+00:00",
      "title": "CVE-2025-54085"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54085 (GCVE-0-2025-54085)

FKIE_CVE-2025-54085

GHSA-P82V-F8G6-GH2J

WID-SEC-W-2025-1677

Tags

Sightings

Nomenclature