CVE-2025-27703

Privilege escalation in the management console of Absolute Secure Access prior to version 13.54

Description

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low.

Category

7.0
CVSS
Severity: High
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.03%
Vendor Advisory absolute.com
Affected: Absolute Security Secure Access
Published at:
Updated at:

References

Link Tags
https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-27703?
CVE-2025-27703 has been scored as a high severity vulnerability.
How to fix CVE-2025-27703?
To fix CVE-2025-27703, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-27703 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-27703 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-27703?
CVE-2025-27703 affects Absolute Security Secure Access.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.