CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability.

Published: May 28, 2025
Updated: Jun 5, 2025
CVE: CVE-2025-27706
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.4
AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
absolute / secure_access	-	13.54

https://www.absolute.com/platform/vulnerability-archive/cve-2025-27706

Vulnerability Database

289,784

CVE-2025-27706