Cross-Site Scripting Vulnerability in Absolute Secure Access Administrative Console
CVE-2025-27705

5.5MEDIUM

Key Information:

Vendor: Absolute Security
Status: Secure Access
Vendor: CVE Published:; 19 March 2025

🔔 Create Absolute Security Vulnerability Alert

What is CVE-2025-27705?

The administrative console of Absolute Secure Access is susceptible to cross-site scripting attacks due to insufficient input validation. This vulnerability allows attackers with system administrator permissions to disrupt another administrator's usage of the console when they attempt to log in. The attack complexity is high, requiring specific privileges and user interaction. Although the potential impact on confidentiality is low, organizations must remain vigilant to ensure the security of their administrative operations.

Affected Version(s)

Secure Access 0 <= 13.52

References

https://www.absolute.com/platform/security-information/vu...

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2025
Vulnerability Reserved
Mar 5, 2025