Server-Side Request Forgery Vulnerability in Secure Access by Absolute Software
CVE-2025-54087

1.8LOW

Key Information:

Vendor: Absolute Security
Status: Secure Access
Vendor: CVE Published:; 2 October 2025

🔔 Create Absolute Security Vulnerability Alert

What is CVE-2025-54087?

This vulnerability manifests within Absolute Software's Secure Access, where an attacker with administrative privileges can exploit the system by publishing specially crafted HTTP requests originating from the Secure Access server itself. While the attack involves high complexity, it does not require specific prerequisites, but does necessitate user interaction. The vulnerability poses a potential risk to the integrity of the system, although it does not directly compromise confidentiality or availability.

Affected Version(s)

Secure Access 0

References

https://www.absolute.com/platform/security-information/vu...

CVSS V4

Score:

1.8

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Jul 16, 2025

JSON