Cross-Site Scripting Vulnerability in Absolute Secure Access Management Console
CVE-2025-27706

4.6MEDIUM

Key Information:

Vendor: Absolute Security
Status: Secure Access
Vendor: CVE Published:; 28 May 2025

🔔 Create Absolute Security Vulnerability Alert

What is CVE-2025-27706?

A cross-site scripting vulnerability exists in the management console of Absolute Secure Access versions prior to 13.54. This vulnerability allows attackers with system administrator permissions to exploit the console, potentially interfering with the activities of another administrator who accesses the affected page. The complexity of the attack is low, requiring no pre-existing conditions, but does necessitate high-level privileges and active user interaction. While the risks to confidentiality are minimal, there is a low impact on data integrity, and availability remains unaffected.

Affected Version(s)

Secure Access 0 < 13.54

References

https://www.absolute.com/platform/vulnerability-archive/c...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
Mar 5, 2025