CVE-2025-54087 - Vulnerability Details

CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Absolute	Secure Access

No data.

References

Link	Providers
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087

History

Fri, 03 Oct 2025 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Absolute Absolute secure Access
Vendors & Products		Absolute Absolute secure Access

Thu, 02 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.
Title		Server-side request forgery in Secure Access
References		https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54087
Metrics		cvssV4_0 `{'score': 1.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Absolute

Published: 2025-10-02T20:05:38.092Z

Updated: 2025-10-02T20:05:38.092Z

Reserved: 2025-07-16T17:10:03.453Z

Link: CVE-2025-54087

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-02T20:15:32.830

Modified: 2025-10-06T14:57:05.000

Link: CVE-2025-54087

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object