CVE-2025-54089
LOWAbsolute Secure Access < 14.10 - Authenticated Stored Cross-Site Scripting
Title source: llmDescription
CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.
References (1)
Core 1
Core References
Scores
CVSS v3
3.4
EPSS
0.0019
EPSS Percentile
9.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
absolute/secure_access
< 14.10
Published
Oct 02, 2025
Tracked Since
Feb 18, 2026