CVE-2025-27703

low-risk

Published 2025-05-28

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low.

Do I need to act?

0.24% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.0/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Secure Access

Affected Vendors

Absolute

References (1)

Vendor Advisory https://www.absolute.com/platform/vulnerability-archive/cve-2025-27703

/ 100

low-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal