Cross-Site Scripting Vulnerability in Absolute Secure Access Management Console
CVE-2025-27706

4.6MEDIUM

Key Information:

Vendor: Absolute Security
Status: Secure Access
Vendor: CVE Published:; 28 May 2025

🔔 Create Absolute Security Vulnerability Alert

What is CVE-2025-27706?

A cross-site scripting vulnerability exists in the management console of Absolute Secure Access versions prior to 13.54. This vulnerability allows attackers with system administrator permissions to exploit the console, potentially interfering with the activities of another administrator who accesses the affected page. The complexity of the attack is low, requiring no pre-existing conditions, but does necessitate high-level privileges and active user interaction. While the risks to confidentiality are minimal, there is a low impact on data integrity, and availability remains unaffected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Secure Access 0 < 13.54

References

https://www.absolute.com/platform/vulnerability-archive/c...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Mar 5, 2025

JSON

Absolute Security

What is CVE-2025-27706?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.