Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-54089

CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.

Published

2025-10-02T21:16:00.860

Last Modified

2025-10-16T18:21:03.213

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.4 (LOW)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	absolute	secure_access	< 14.10	Yes

References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089 Vendor Advisory ([email protected])