Permissions bypass vulnerability in the Secure Access administrative console of...

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.

Basic Information

ID CVE-2025-49082

Source Absolute

Published Jul 30, 2025 at 23:45

Modified Jul 31, 2025 at 13:30

Affected Product

Vendor Absolute Security

Product Secure Access

Affected Versions Absolute Security Secure Access 0

CWE Classification

CWE-276

References

www.absolute.com /platform/security-information/vulnerability-archive/cve-2025-49082

{
    "lastseen": "",
    "description": "CVE-2025-49082 is a vulnerability in the management console\nof Absolute Secure Access prior to version 13.56. Attackers with administrative\naccess to the console and who have been assigned a certain set of permissions\ncan bypass those permissions to improperly read other settings. The attack\ncomplexity is low, there are no preexisting attack requirements; the privileges\nrequired are high, and there is no user interaction required. The impact to\nsystem confidentiality is low, there is no impact to system availability or\nintegrity.",
    "published": "2025-07-30T23:45:30.677Z",
    "modified": "2025-07-31T13:30:00.892Z",
    "type": "cve",
    "title": "Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56",
    "source": "Absolute",
    "references": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082",
    "id": "CVE-2025-49082",
    "bulletinFamily": "",
    "cwe": [
        "CWE-276"
    ],
    "cvelist": null,
    "sourceData": "Absolute Security Secure Access 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Access",
    "version": "0",
    "vendor": "Absolute Security",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56_CVE-2025-49082