Secure Access
CVE-2025-59596
MEDIUM
Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash.
AnalysisAI
CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash. Affected products include: Absolute Secure Access. Version information: version 14.12..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Secure Access
View allPersistent denial-of-service in Absolute Secure Access servers before version 14.55 allows a remote attacker with deep,
Local privilege escalation in Absolute Secure Access for Windows (client and server) before version 14.55 allows a low-p
Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated,
Secure Access Server versions before 14.20 are vulnerable to a network-based denial-of-service attack where unauthentica
Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modi
Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows an authenticated tunnel parti
Memory management flaw in Absolute Secure Access prior to version 14.55 allows a remote attacker with deep protocol know
Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attac
Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions p
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the c
Frameable content on the Absolute Secure Access server login page (versions prior to 14.55) enables clickjacking attacks
There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today