Cross-site Scripting vulnerability in Secure Access prior to 14.10

4.6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Description

CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrator’s access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.

Basic Information

ID CVE-2025-54089

Source Absolute

Published Oct 2, 2025 at 20:15

Affected Product

Vendor Absolute Security

Product Secure Access

Affected Versions Absolute Security Secure Access 0

References

www.absolute.com /platform/security-information/vulnerability-archive/cve-2025-54089

{
    "lastseen": "",
    "description": "CVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator\u2019s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity.",
    "published": "2025-10-02T20:15:09.464Z",
    "modified": "2025-10-02T20:15:09.464Z",
    "type": "cve",
    "title": "Cross-site Scripting vulnerability in Secure Access prior to 14.10",
    "source": "Absolute",
    "references": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089",
    "id": "CVE-2025-54089",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Absolute Security Secure Access 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Secure Access",
    "version": "0",
    "vendor": "Absolute Security",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cross-site Scripting vulnerability in Secure Access prior to 14.10_CVE-2025-54089

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply