216.73.216.6

CVE-2025-27706

· Published 28/05/2025 21:15 · Modified 29/05/2025 14:29

Labels: CVE-2025-27706 2025-05-28CVE-2025-27706CWE-79[email protected]

Essential information

Published
28/05/2025 21:15
Modified
29/05/2025 14:29
Author
Creator
CVSS
4.6 MEDIUM (v3) 4.6 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
netmotionsoftware / absolute secure access cpe:2.3:a:netmotionsoftware:absolute_secure_access:<13.54:*:*:*:*:*:*:*

References