CVE-2025-49083

CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsafe content to be deserialized and executed in the security context of the console. The attack complexity is low and there are no attack requirements. Privileges required are high and there is no user interaction required. The impact to confidentiality is low, impact to integrity is high and there is no impact to availability. The impact to the confidentiality and integrity of subsequent systems is low and there is no subsequent system impact to availability.

CVSS

No CVSS.

References

Link	Resource
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49083

Configurations

No configuration.

History

31 Jul 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-502
Summary		(es) CVE-2025-49083 es una vulnerabilidad en la consola de administración de Absolute Secure Access (versión posterior a la 12.00 y anterior a la 13.56). Los atacantes con acceso administrativo a la consola pueden provocar la deserialización y ejecución de contenido inseguro en el contexto de seguridad de la consola. La complejidad del ataque es baja y no requiere ningún tipo de intervención. Se requieren privilegios elevados y no se requiere interacción del usuario. El impacto en la confidencialidad es bajo, el impacto en la integridad es alto y no hay impacto en la disponibilidad. El impacto en la confidencialidad e integridad de los sistemas posteriores es bajo y no hay impacto posterior en la disponibilidad del sistema.

31 Jul 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 00:15

Updated : 2025-07-31 18:42

NVD link : CVE-2025-49083

Mitre link : CVE-2025-49083

CVE.ORG link : CVE-2025-49083

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-49083", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "SecurityResponse@netmotionsoftware.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-31T00:15:26.957", "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49083", "source": "SecurityResponse@netmotionsoftware.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "CVE-2025-49083 is a vulnerability in the management console\nof Absolute Secure Access after version 12.00 and prior to version 13.56.\nAttackers with administrative access to the console can cause unsafe content to\nbe deserialized and executed in the security context of the console. The attack\ncomplexity is low and there are no attack requirements. Privileges required are\nhigh and there is no user interaction required. The impact to confidentiality\nis low, impact to integrity is high and there is no impact to availability. The\nimpact to the confidentiality and integrity of subsequent systems is low and\nthere is no subsequent system impact to availability."}, {"lang": "es", "value": "CVE-2025-49083 es una vulnerabilidad en la consola de administraci\u00f3n de Absolute Secure Access (versi\u00f3n posterior a la 12.00 y anterior a la 13.56). Los atacantes con acceso administrativo a la consola pueden provocar la deserializaci\u00f3n y ejecuci\u00f3n de contenido inseguro en el contexto de seguridad de la consola. La complejidad del ataque es baja y no requiere ning\u00fan tipo de intervenci\u00f3n. Se requieren privilegios elevados y no se requiere interacci\u00f3n del usuario. El impacto en la confidencialidad es bajo, el impacto en la integridad es alto y no hay impacto en la disponibilidad. El impacto en la confidencialidad e integridad de los sistemas posteriores es bajo y no hay impacto posterior en la disponibilidad del sistema."}], "lastModified": "2025-07-31T18:42:37.870", "sourceIdentifier": "SecurityResponse@netmotionsoftware.com"}