CVE Details
Basic Information
| Title | Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56 |
|---|---|
| Type | cve |
| Published | 2025-07-30T23:45:30.677Z |
| Modified | 2025-07-30T23:45:30.677Z |
Product Information
| Vendor | Absolute Security |
|---|---|
| Product | Secure Access |
| Version | 0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Affected Products
- Absolute Security Secure Access 0
Additional Information
| Source | Absolute |
|---|
Description
CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.