Vulnerabilities > CVE-2025-27702 - Unspecified vulnerability in Absolute Secure Access

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

absolute

NVD

Published: 2025-05-28

Updated: 2025-06-04

Summary

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high.

Vulnerable Configurations

Part	Description	Count
Application	Absolute Absolute Secure Access - Absolute Secure Access 12.50 Absolute Secure Access 12.70 Absolute Secure Access 13.04 Absolute Secure Access 13.05 Absolute Secure Access 13.06 Absolute Secure Access 13.07 Absolute Secure Access 13.08	8

References

https://www.absolute.com/platform/vulnerability-archive/cve-2025-27702