1. Home
  2. CVE Database
  3. CVE-2025-27706
LOW · 3.4

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with ...

Vulnerability Description

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability.

CVSS Score

3.4

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
AbsoluteSecure Access< 13.54

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2025-27706?

CVE-2025-27706 is a vulnerability with a CVSS score of 3.4 (LOW). CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with ...

How severe is CVE-2025-27706?

CVE-2025-27706 has been rated LOW with a CVSS base score of 3.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-27706?

Check the references section above for vendor advisories and patch information. Affected products include: Absolute Secure Access.