CVE-2025-54089

LOW

Absolute Secure Access < 14.10 - Authenticated Stored Cross-Site Scripting

Title source: llm
STIX 2.1

Description

CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.

Scores

CVSS v3 3.4
EPSS 0.0019
EPSS Percentile 9.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
absolute/secure_access < 14.10
Published Oct 02, 2025
Tracked Since Feb 18, 2026