CVE-2025-54086 - Vulnerability Details - OpenCVE

CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086

History

Thu, 02 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.
Title		Excess Permissions in Warehouse
References		https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086
Metrics		cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Absolute

Published: 2025-10-02T19:56:37.373Z

Updated: 2025-10-02T19:56:37.373Z

Reserved: 2025-07-16T17:10:03.453Z

Link: CVE-2025-54086

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-02T20:15:32.680

Modified: 2025-10-02T20:15:32.680

Link: CVE-2025-54086

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54086", "assignerOrgId": "b6533044-ea05-4482-8458-7bddeca0d079", "state": "PUBLISHED", "assignerShortName": "Absolute", "dateReserved": "2025-07-16T17:10:03.453Z", "datePublished": "2025-10-02T19:56:37.373Z", "dateUpdated": "2025-10-02T19:56:37.373Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Warehouse", "product": "Secure Access", "vendor": "Absolute Security", "versions": [{"lessThan": "<14.10", "status": "affected", "version": "0", "versionType": "server"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability. </p>"}], "value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "b6533044-ea05-4482-8458-7bddeca0d079", "shortName": "Absolute", "dateUpdated": "2025-10-02T19:56:37.373Z"}, "references": [{"url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"}], "source": {"discovery": "UNKNOWN"}, "title": "Excess Permissions in Warehouse", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CVE-2025-54086 is an excess permissions vulnerability in the\nWarehouse component of Absolute Secure Access prior to version 14.10. Attackers\nwith access to the local file system can read the Java keystore file. The\nattack complexity is low, there are no attack requirements, the privileges\nrequired are low and no user interaction is required. Impact to confidentiality\nis low, there is no impact to integrity or availability."}], "id": "CVE-2025-54086", "lastModified": "2025-10-02T20:15:32.680", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "SecurityResponse@netmotionsoftware.com", "type": "Secondary"}]}, "published": "2025-10-02T20:15:32.680", "references": [{"source": "SecurityResponse@netmotionsoftware.com", "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54086"}], "sourceIdentifier": "SecurityResponse@netmotionsoftware.com", "vulnStatus": "Received"}