CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-32210 CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 16 Oct 2025 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Mon, 06 Oct 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 03 Oct 2025 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Absolute
Absolute secure Access
Vendors & Products Absolute
Absolute secure Access

Thu, 02 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Description CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.
Title Excess Permissions in Warehouse
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Absolute

Published:

Updated: 2025-10-06T18:35:14.588Z

Reserved: 2025-07-16T17:10:03.453Z

Link: CVE-2025-54086

cve-icon Vulnrichment

Updated: 2025-10-06T18:35:04.159Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-02T20:15:32.680

Modified: 2025-10-16T18:23:17.397

Link: CVE-2025-54086

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-10-03T08:22:36Z