CVE-2025-54085

CVSS v3 3.8 LOW

3.8^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

C

VE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality and integrity is low, there is no impact to system availability.

References

Link	Resource
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*

History

05 Aug 2025, 20:03

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 00:15

Updated : 2025-08-05 20:03

NVD link : CVE-2025-54085

Mitre link : CVE-2025-54085

CVE.ORG link : CVE-2025-54085

JSON object : View

Products Affected

secure_access

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2025-54085", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T00:15:27.290", "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "CVE-2025-54085 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read or change other settings. The\nattack complexity is low, there are no preexisting attack requirements; the\nprivileges required are high, and there is no user interaction required. The\nimpact to system confidentiality and integrity is low, there is no impact to\nsystem availability."}, {"lang": "es", "value": "CVE-2025-54085 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access anterior a la versi\u00f3n 13.56. Los atacantes con acceso administrativo a la consola y con ciertos permisos asignados pueden eludirlos para leer o modificar incorrectamente otras configuraciones. La complejidad del ataque es baja, no existen requisitos previos; se requieren privilegios altos y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad e integridad del sistema es bajo y no afecta a su disponibilidad."}], "lastModified": "2025-08-05T20:03:18.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A96BA84-1837-40DA-B7BB-F77EB3FBFAE5", "versionEndExcluding": "13.56"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}