CVE-2025-54087 - Vulnerability Details

CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Absolute	Secure Access

Configuration 1 [-]

cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087

History

Thu, 16 Oct 2025 18:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:absolute:secure_access::::::::
Metrics		cvssV3_1 `{'score': 2.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N'}`

Tue, 07 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-918
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 03 Oct 2025 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Absolute Absolute secure Access
Vendors & Products		Absolute Absolute secure Access

Thu, 02 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.
Title		Server-side request forgery in Secure Access
References		https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087
Metrics		cvssV4_0 `{'score': 1.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Absolute

Published: 2025-10-02T20:05:38.092Z

Updated: 2025-10-07T19:27:01.644Z

Reserved: 2025-07-16T17:10:03.453Z

Link: CVE-2025-54087

Vulnrichment

Updated: 2025-10-07T19:26:58.056Z

NVD

Status : Analyzed

Published: 2025-10-02T20:15:32.830

Modified: 2025-10-16T18:22:43.163

Link: CVE-2025-54087

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object