Skip to main content
CVE-2025-54089 LOW PATCH Monitor

Cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.

XSS
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-54086 LOW PATCH Monitor

CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.

Privilege Escalation Java
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-54087 LOW PATCH Monitor

Server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.

SSRF
NVD
CVSS 3.1
2.6
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy