CVE-2025-49081

Input validation vulnerability in the Secure Access prior to version 13.55

Description

There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.

References

Link	Tags
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2025-49081?: CVE-2025-49081 has been scored as a medium severity vulnerability.
How to fix CVE-2025-49081?: To fix CVE-2025-49081, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-49081 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-49081 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-49081?: CVE-2025-49081 affects Absolute Security Secure Access.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions