CVE-2025-49080
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-06-23
Assigner: NetMotion Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| absolute | secure_access | From 9.0 (inc) to 13.54 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-762 | The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory management flaw in Absolute Secure Access server versions 9.0 to 13.54. An attacker with network access can exploit it by sending a specially crafted sequence of packets to the server, causing it to crash or become unavailable (Denial of Service). The attack is easy to perform, requires no privileges or user interaction, and only affects the availability of the server, not its confidentiality or integrity. [1]
How can this vulnerability impact me? :
The vulnerability can cause a Denial of Service on the Absolute Secure Access server, making the server unavailable to legitimate users. This loss of availability can disrupt services relying on the server, potentially causing downtime and impacting business operations. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the Absolute Secure Access server to version 13.55 or later, where the memory management flaw has been resolved. [1]