CVE-2025-54085 | THREATINT

Description

CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality and integrity is low, there is no impact to system availability.

PUBLISHED Reserved 2025-07-16 | Published 2025-07-30 | Updated 2025-07-31 | Assigner Absolute

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Product status

Default status

unaffected

Any version before 13.56

affected

References

www.absolute.com/...ion/vulnerability-archive/cve-2025-54085

cve.org (CVE-2025-54085)

nvd.nist.gov (CVE-2025-54085)

Download JSON