CVE-2025-49081

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49081
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
History

17 Jun 2025, 20:32

Type Values Removed Values Added
First Time Absolute secure Access
Absolute
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.9
CPE cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
References () https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081 - () https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081 - Vendor Advisory

16 Jun 2025, 12:32

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de validación de entrada insuficiente en el componente de almacén de Absolute Secure Access anterior a la versión de servidor 13.55. Los atacantes con permisos de administrador del sistema pueden afectar la disponibilidad de la interfaz administrativa de Secure Access escribiendo datos no válidos en el almacén a través de la red. La complejidad del ataque es baja, no requiere ataques, se requieren privilegios elevados y no se requiere interacción del usuario. No afecta a la confidencialidad ni a la integridad; el impacto en la disponibilidad es alto.

12 Jun 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-12 18:15

Updated : 2025-06-17 20:32

NVD link : CVE-2025-49081

Mitre link : CVE-2025-49081

CVE.ORG link : CVE-2025-49081

JSON object : View

Products Affected

absolute

  • secure_access
CWE
CWE-20

Improper Input Validation