CVE-2025-54085
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-08-05
Assigner: NetMotion Software
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| absolute | secure_access | to 13.56 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access versions prior to 13.56. It allows attackers who already have administrative access and certain permissions to bypass those permissions and improperly read or change other settings within the console. The attack complexity is low, no user interaction is needed, but high privileges are required.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with administrative access to bypass permission restrictions and read or modify settings they should not have access to. This affects the confidentiality and integrity of the system, although the impact is considered low. There is no impact on system availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Absolute Secure Access to version 13.56 or later, as the vulnerability affects versions prior to 13.56. Additionally, restrict administrative access to the management console to trusted users only and review assigned permissions carefully to minimize risk.