PT-2025-40420 · Unknown · Absolute Secure Access
Published
2025-10-02
·
Updated
2025-10-16
·
CVE-2025-54086
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Absolute Secure Access versions prior to 14.10
Description
An excess permissions issue exists within the Warehouse component. An attacker who has access to the local file system can read the Java keystore file. The attack complexity is low, and no specific requirements or user interaction are needed. The confidentiality impact is low, with no impact to integrity or availability.
Recommendations
Update to version 14.10 or later.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Absolute Secure Access