CVE-2025-27705

Published Mar 19, 2025

Last updated 16 days ago

CVSS medium 5.5

Overview

Description
There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.
Source
SecurityResponse@netmotionsoftware.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.5
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

Weaknesses

SecurityResponse@netmotionsoftware.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2025-27705 There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system admi… https://t.co/2onArQxdYr

    @CVEnew

    19 Mar 2025

    410 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References