Skip to main content

Secure Access EUVDEUVD-2025-18200

| CVE-2025-49080 HIGH
Mismatched Memory Management Routines (CWE-762)
2025-06-12 SecurityResponse@netmotionsoftware.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:39 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
13.54
EUVD ID Assigned
Mar 14, 2026 - 21:20 euvd
EUVD-2025-18200
Analysis Generated
Mar 14, 2026 - 21:20 vuln.today
CVE Published
Jun 12, 2025 - 17:15 nvd
HIGH 7.5

DescriptionCVE.org

There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity.

AnalysisAI

Memory management vulnerability in Absolute Secure Access server versions 9.0 through 13.54 that allows unauthenticated, network-based attackers to trigger a Denial of Service condition by sending specially crafted packet sequences. The vulnerability requires no privileges or user interaction and has high availability impact (complete service disruption), though no data confidentiality or integrity risk. This is a critical operational risk for organizations dependent on Absolute Secure Access for remote connectivity.

Technical ContextAI

The vulnerability stems from CWE-762 (Mismatched Validation of Loop Condition), a memory management flaw in the Absolute Secure Access server's packet handling logic. The affected technology is Absolute Secure Access (CPE: cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*), a remote connectivity and access control solution. The memory management defect exists in versions 9.0 through 13.54, suggesting the flaw was introduced or remained unpatched across multiple major release cycles. The root cause involves improper validation of loop conditions during packet processing, likely resulting in unbounded memory consumption, buffer exhaustion, or unsafe memory access that crashes the service. The network-accessible attack surface (AV:N) indicates the vulnerable code path is directly reachable from unauthenticated network connections, typical of server socket handlers or protocol parsers.

CVE-2026-33445 HIGH
8.7 Jul 15

Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows a remote attacker with deep,

CVE-2026-40952 HIGH
8.5 Jul 15

Local privilege escalation in Absolute Secure Access for Windows (client and server) before version 14.55 allows a low-p

CVE-2026-0517 HIGH
7.5 Jan 17

Secure Access Server versions before 14.20 are vulnerable to a network-based denial-of-service attack where unauthentica

CVE-2026-40950 HIGH
7.1 Apr 30

Buffer overflow in Absolute Secure Access server (versions before 14.50) allows authenticated remote attackers with modi

CVE-2026-33443 HIGH
7.1 Jul 15

Persistent denial-of-service in Absolute Secure Access servers before version 14.55 allows an authenticated tunnel parti

CVE-2026-55398 MEDIUM
6.9 Jul 15

Memory management flaw in Absolute Secure Access prior to version 14.55 allows a remote attacker with deep protocol know

CVE-2026-33444 MEDIUM
6.9 Jul 15

Non-persistent denial-of-service against Absolute Secure Access servers prior to version 14.55 is achievable by an attac

CVE-2026-40953 MEDIUM
6.7 Jul 15

Heap overflow in Absolute Security Secure Access client certificate parsing causes a local denial of service. Versions p

CVE-2025-54088 MEDIUM
6.1 Oct 02

CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the c

CVE-2026-40957 MEDIUM
6.1 Jul 15

Frameable content on the Absolute Secure Access server login page (versions prior to 14.55) enables clickjacking attacks

CVE-2024-37345 MEDIUM
5.4 Jun 20

There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to

CVE-2024-37343 MEDIUM
5.4 Jun 20

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prio

Share

EUVD-2025-18200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy