CVE-2025-54089

02.10.2025, 21:16

CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrators access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Absolute	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vulnerability Media Exposure

[GERMAN] Absolute Secure Access: Mehrere Schwachstellen
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Absolute Secure Access ausnutzen, um Informationen offenzulegen, falsche Informationen darzustellen oder einen Cross Site Scripting Angriff durchzuführen.
Published: 2025-09-30T22:00:00+00:00

References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089