CVE-2025-27702: Permissions bypass in the management console of Absolute Secure Access prior to version 13.54
Description
CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high.
Classification
CVE ID: CVE-2025-27702
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
Vendor: Absolute Security
Product: Secure Access
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 5.88% (scored less or equal to compared to others)
EPSS Date: 2025-06-17 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27702https://www.absolute.com/platform/vulnerability-archive/cve-2025-27702