CVE-2025-54087— Server-side request forgery in Secure Access
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-54087
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-side request forgery in Secure Access
Source: NVD (National Vulnerability Database)
Vulnerability Description
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ivanti Secure Access Client 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ivanti Secure Access Client是美国Ivanti公司的一个安全软件客户端。 Ivanti Secure Access Client 14.10之前版本存在安全漏洞,该漏洞源于具有管理权限的攻击者可发布特制测试HTTP请求,可能导致服务端请求伪造攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Absolute Security | Secure Access | 0 ~ <14.10 | - |
II. Public POCs for CVE-2025-54087
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-54087
请登录查看更多情报信息。
Same Patch Batch · Absolute Security · 2025-10-02 · 4 CVEs total
| CVE-2025-54086 | Excess Permissions in Warehouse | |
| CVE-2025-54089 | Cross-site Scripting vulnerability in Secure Access prior to 14.10 | |
| CVE-2025-54088 | Open Redirect in Secure Access prior to 14.10 |
IV. Related Vulnerabilities
Same product: Secure Access
- CVE-2026-40951
Memory corruption in Secure Access Windows clients prior to - CVE-2026-40950
Buffer overflow in the Secure Access server prior to 14.50 - CVE-2026-40949
Buffer overflow in Windows clients prior to 14.50 - CVE-2026-33452
Buffer overflow in Windows clients prior to 14.50 - CVE-2026-33451
Arbitrary read/write vulnerability in Windows clients prior
Same vendor: Absolute Security
- CVE-2026-0519
Information Disclosure in Secure Access Between 12.70 and 14 - CVE-2026-0518
XSS in Secure Access Consoles prior to 14.20 - CVE-2026-0517
Denial of Service in Secure Access Servers Prior to 14.20. - CVE-2025-59596
Absolute Secure Access Windows client 安全漏洞 - CVE-2025-54089
Cross-site Scripting vulnerability in Secure Access prior to
V. Comments for CVE-2025-54087
No comments yet