CVE-2025-49082

31.07.2025, 00:15

CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2.7 LOW	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Absolute	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Vendor	Product	Version
absolute	secure_access	𝑥 < 13.56

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082