CVE-2025-27706: Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54

4.6 CVSS

Description

CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administrator’s use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.

Classification

CVE ID: CVE-2025-27706

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.6

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor: Absolute Security

Product: Secure Access

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 8.87% (scored less or equal to compared to others)

EPSS Date: 2025-05-29 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27706
https://www.absolute.com/platform/vulnerability-archive/cve-2025-27706

Timeline

2025-05-28 22:40:21 UTC
CVE

Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54