CVE-2025-27705 MEDIUM

CVE-2025-27705

Vendor Absolute Security
Product Secure Access
Weakness CWE-79 · XSS
Published March 19, 2025
Last update March 19, 2025
View on NVD All CVEs

CVSS base score

5.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.

Key dates

02Disclosure timeline

March 19, 2025 CVE published
March 19, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-25697 Stored XSS in Portal for ArcGIS CVE-2023-25485 WordPress JSON Content Importer Plugin <= 1.3.15 is vulnerable to Cross Site Scripting (XSS) CVE-2025-48244 WordPress Exclusive Addons Elementor plugin <= 2.7.9 - Cross Site Scripting (XSS) Vulnerability CVE-2025-14893 IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter CVE-2025-34398 MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx