CVE-2025-54085

31.07.2025, 00:15

CVE-2025-54085 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read or change other settings. The
attack complexity is low, there are no preexisting attack requirements; the
privileges required are high, and there is no user interaction required. The
impact to system confidentiality and integrity is low, there is no impact to
system availability.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Absolute	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Common Weakness Enumeration

CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

Vulnerability Media Exposure

[GERMAN] Absolute Secure Access: Mehrere Schwachstellen
Ein entfernter authentisierter Angreifer mit hohen Privilegien kann mehrere Schwachstellen in Absolute Secure Access ausnutzen, um erhöhte Privilegien zu erlangen, Daten zu manipulieren und vertrauliche Informationen preiszugeben.
Published: 2025-07-29T22:00:00+00:00

References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54085