Cross-Site Scripting Flaw in Secure Access by Absolute
CVE-2025-54089

4.6MEDIUM

Key Information:

Vendor: Absolute Security
Status: Secure Access
Vendor: CVE Published:; 2 October 2025

🔔 Create Absolute Security Vulnerability Alert

What is CVE-2025-54089?

A cross-site scripting vulnerability exists in Absolute's Secure Access platform in versions prior to 14.10. This vulnerability allows attackers with administrative privileges to exploit the console, potentially disrupting access for other administrators. While the attack complexity is low and does not require additional conditions, it necessitates the victim's active involvement. While there is minimal threat to confidentiality or availability, integrity may be at risk during the exploitation.

Affected Version(s)

Secure Access 0 < 14.10

References

https://www.absolute.com/platform/security-information/vu...

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2025
Vulnerability Reserved
Jul 16, 2025

JSON