CVE-2025-27705

Severity CVSS v4.0:

MEDIUM

Type:

CWE-79 Cross-Site Scripting (XSS)

Publication date:

19/03/2025

Last modified:

19/03/2025

Description

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H CVSS v4.0 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H

Attack Vector (AV): Network
Attack Complexity (AC): High
Attack Requirements (AT): Present
Privileges Required (PR): None
User Interaction (UI): Active
Confidentiality (VC): Low
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): High
Integrity (SI): High
Availability (SA): High

Base Score 4.0

5.50

Severity 4.0

MEDIUM

References to Advisories, Solutions, and Tools

https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/