CVE-2025-54089 MEDIUM

CVE-2025-54089: Cross-site Scripting vulnerability in Secure Access prior to 14.10

Vendor Absolute Security
Product Secure Access
Published October 2, 2025
Last update October 3, 2025

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.

Key dates

02Disclosure timeline

October 2, 2025 CVE published
October 3, 2025 Record updated