CVE-2025-27704

Name of the Vulnerable Software and Affected Versions Absolute Secure Access versions prior to 13.53 Absolute Secure Access versions prior to 13.07

Description The issue is related to a cross-site scripting vulnerability in the Secure Access administrative console. Attackers with system administrator permissions can interfere with another system administrator's use of the management console when the second administrator logs in. The attack complexity is high, and user interaction is required. The impact to confidentiality is low, while there is no impact to availability and system integrity.

Recommendations For versions prior to 13.53, update to version 13.53 or later. For versions prior to 13.07, update to version 13.07 or later. As a temporary workaround, consider restricting access to the Secure Access administrative console to minimize the risk of exploitation.