CVE-2025-49082

EPSS 0.03%
Published 30.07.2025 23:45:30
Last modified 05.08.2025 20:16:11
Source SecurityResponse@netmotionsoft
Teams watchlist Login
Open Login

CVE-2025-49082 is a vulnerability in the management console
of Absolute Secure Access prior to version 13.56. Attackers with administrative
access to the console and who have been assigned a certain set of permissions
can bypass those permissions to improperly read other settings. The attack
complexity is low, there are no preexisting attack requirements; the privileges
required are high, and there is no user interaction required. The impact to
system confidentiality is low, there is no impact to system availability or
integrity.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Absolute ≫ Secure Access Version < 13.56

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.074

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
SecurityResponse@netmotionsoftware.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49082

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-49082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49082

EUVD