CVE-2025-27704

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are none, user interaction is required. The impact to confidentiality is low, the impact to availability is none, and the impact to system integrity is none.

CVSS

No CVSS.

References

Link	Resource
https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/

Configurations

No configuration.

History

19 Mar 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 19:15

Updated : 2025-03-19 19:15

NVD link : CVE-2025-27704

Mitre link : CVE-2025-27704

CVE.ORG link : CVE-2025-27704

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-27704", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "SecurityResponse@netmotionsoftware.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-19T19:15:47.390", "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/secure-access-1353/", "source": "SecurityResponse@netmotionsoftware.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "SecurityResponse@netmotionsoftware.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "There is a cross-site scripting vulnerability in the Secure\nAccess administrative console of Absolute Secure Access prior to version 13.53.\nAttackers with system administrator permissions can interfere with another\nsystem administrator\u2019s use of the management console when the second\nadministrator logs in. Attack complexity is high, attack requirements are\npresent, privileges required are none, user interaction is required. The impact\nto confidentiality is low, the impact to availability is none, and the impact\nto system integrity is none."}], "lastModified": "2025-03-19T19:15:47.390", "sourceIdentifier": "SecurityResponse@netmotionsoftware.com"}