CVE-2025-27703: Privilege escalation in the management console of Absolute Secure Access prior to version 13.54

7.0 CVSS

Description

CVE-2025-27703 is a privilege escalation vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with administrative access to a specific subset of privileged features
in the console can elevate their permissions to access additional
features in the console. The attack complexity is low, there are no
preexisting attack requirements; the privileges required are high, and
there is no user interaction required. The impact to system
confidentiality is low, the impact to system integrity is high and the
impact to system availability is low.

Classification

CVE ID: CVE-2025-27703

CVSS Base Severity: HIGH

CVSS Base Score: 7.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products

Vendor: Absolute Security

Product: Secure Access

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.97% (scored less or equal to compared to others)

EPSS Date: 2025-06-08 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27703
https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703

Timeline

2025-05-28 21:40:15 UTC
CVE

Privilege escalation in the management console of Absolute Secure Access prior to version 13.54