{"cve":{"cve_id":"CVE-2025-27706","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00205,"epss_percentile":0.10484,"epss_as_of":"2026-06-23","description":"CVE-2025-27706 is a cross-site scripting vulnerability in the management\n console of Absolute Secure Access prior to version 13.54. Attackers \nwith system administrator permissions can interfere with another system \nadministrator’s use of the management console when the second \nadministrator visits the page. Attack complexity is low, there are no \npreexisting attack requirements, privileges required are high and active\n user interaction is required. There is no impact on confidentiality, \nthe impact on integrity is low and there is no impact on availability.","published_at":"2025-05-28T21:01:08.548000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":4.6,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-79"],"nvd_references":["https://www.absolute.com/platform/vulnerability-archive/cve-2025-27706"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:09.678241Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"A","value_label":"Active"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"absolute-security","vendor_name":"Absolute Security","product_slug":"secure-access","product_name":"Secure Access","version_start":"0","version_start_inclusive":true,"version_end":"13.54","version_end_inclusive":false,"cpe23_uri":"cve5:absolute-security:secure-access:0:13.54"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.absolute.com/platform/vulnerability-archive/cve-2025-27706","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-05-28T21:01:08.548000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:44:19.897881Z","label":"CVSS score revised","source":"cvelistv5"}]}