CVE-2025-27702 | THREATINT

Description

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high.

PUBLISHED Reserved 2025-03-05 | Published 2025-05-28 | Updated 2025-05-28 | Assigner Absolute

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Product status

Default status

unaffected

Any version before 13.54

affected

References

www.absolute.com/...orm/vulnerability-archive/cve-2025-27702

cve.org (CVE-2025-27702)

nvd.nist.gov (CVE-2025-27702)

Download JSON