CVE-2025-49082

31.07.2025, 00:15

CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Absolute	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Common Weakness Enumeration

CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

Vulnerability Media Exposure

[GERMAN] Absolute Secure Access: Mehrere Schwachstellen
Ein entfernter authentisierter Angreifer mit hohen Privilegien kann mehrere Schwachstellen in Absolute Secure Access ausnutzen, um erhöhte Privilegien zu erlangen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.
Published: 2025-07-29T22:00:00+00:00

References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082