CVE-2025-27702— Permissions bypass in the management console of Absolute Secure Access prior to version 13.54
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-27702
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Permissions bypass in the management console of Absolute Secure Access prior to version 13.54
Source: NVD (National Vulnerability Database)
Vulnerability Description
CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Absolute Secure Access 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Absolute Secure Access是Absolute公司的一款应用程序。以提供针对混合和移动工作模式优化的安全服务边缘(SSE)。 Absolute Secure Access 13.54之前版本存在安全漏洞,该漏洞源于管理控制台授权不当,可能导致具有管理权限的攻击者绕过权限限制修改设置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Absolute Security | Secure Access | 0 ~ 13.54 | - |
II. Public POCs for CVE-2025-27702
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-27702
请登录查看更多情报信息。
Same Patch Batch · Absolute Security · 2025-05-28 · 3 CVEs total
| CVE-2025-27703 | Privilege escalation in the management console of Absolute Secure Access prior to version | |
| CVE-2025-27706 | Cross-site scripting vulnerability in the Secure Access administrative console of Absolute |
IV. Related Vulnerabilities
Same product: Secure Access
- CVE-2026-40951
Memory corruption in Secure Access Windows clients prior to - CVE-2026-40950
Buffer overflow in the Secure Access server prior to 14.50 - CVE-2026-40949
Buffer overflow in Windows clients prior to 14.50 - CVE-2026-33452
Buffer overflow in Windows clients prior to 14.50 - CVE-2026-33451
Arbitrary read/write vulnerability in Windows clients prior
Same vendor: Absolute Security
- CVE-2026-0519
Information Disclosure in Secure Access Between 12.70 and 14 - CVE-2026-0518
XSS in Secure Access Consoles prior to 14.20 - CVE-2026-0517
Denial of Service in Secure Access Servers Prior to 14.20. - CVE-2025-59596
Absolute Secure Access Windows client 安全漏洞 - CVE-2025-54089
Cross-site Scripting vulnerability in Secure Access prior to
V. Comments for CVE-2025-27702
No comments yet