{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54086", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "state": "PUBLISHED", "assignerShortName": "Absolute", "dateReserved": "2025-07-16T17:10:03.453Z", "datePublished": "2025-10-02T19:56:37.373Z", "dateUpdated": "2025-10-06T18:35:14.588Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Warehouse", "product": "Secure Access", "vendor": "Absolute Security", "versions": [{"lessThan": "<14.10", "status": "affected", "version": "0", "versionType": "server"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability. </p>"}], "value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2025-10-02T19:56:37.373Z"}, "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"}], "source": {"discovery": "UNKNOWN"}, "title": "Excess Permissions in Warehouse", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T18:35:11.272236Z", "id": "CVE-2025-54086", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T18:35:14.588Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T18:35:11.272236Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T18:35:04.159Z"}}], "cna": {"title": "Excess Permissions in Warehouse", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Absolute Security", "product": "Secure Access", "versions": [{"status": "affected", "version": "0", "lessThan": "<14.10", "versionType": "server"}], "packageName": "Warehouse", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability.", "supportingMedia": [{"type": "text/html", "value": "<p>CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability. </p>", "base64": false}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2025-10-02T19:56:37.373Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54086", "state": "PUBLISHED", "dateUpdated": "2025-10-06T18:35:14.588Z", "dateReserved": "2025-07-16T17:10:03.453Z", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "datePublished": "2025-10-02T19:56:37.373Z", "assignerShortName": "Absolute"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4C71B0A-C4A4-421F-A1B4-0CCD7FECEBF1", "versionEndExcluding": "14.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."}], "id": "CVE-2025-54086", "lastModified": "2025-10-16T18:23:17.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "SecurityResponse@netmotionsoftware.com", "type": "Secondary"}]}, "published": "2025-10-02T20:15:32.680", "references": [{"source": "SecurityResponse@netmotionsoftware.com", "tags": ["Vendor Advisory"], "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"}], "sourceIdentifier": "SecurityResponse@netmotionsoftware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-10-03T08:22:36.390118+00:00", "updated": "2025-10-03T08:22:36.390193+00:00", "vendors": ["absolute", "absolute$PRODUCT$secure_access"]}