5.1
CVE-2025-49082
- EPSS 0.21%
- Veröffentlicht 30.07.2025 23:45:30
- Zuletzt bearbeitet 05.08.2025 20:16:11
- Quelle SecurityResponse@netmotionsoft
- CVE-Watchlists
- Unerledigt
LoginPermissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56
CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, there is no impact to system availability or integrity.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Absolute ≫ Secure Access Version < 13.56
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.113 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
| SecurityResponse@netmotionsoftware.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082