Absolute Absolute

  1. Vendors
  2. Absolute

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Absolute product.

RSS Feeds for Absolute security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Absolute products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Absolute Sorted by Most Security Vulnerabilities since 2018

Absolute Secure Access26 vulnerabilities

Absolute Ctes Windows Agent1 vulnerability

Absolute Persistence1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Absolute. Last year, in 2025 Absolute had 14 security vulnerabilities published. Right now, Absolute is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 14 5.59
2024 13 4.02
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 1 8.80

It may take a day or so for new Absolute vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Absolute Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-59595 Nov 04, 2025
DoS in Secure Access < 14.12 via crafted packet CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server in a non-default configuration and cause the server to crash.
Secure Access
CVE-2025-54086 Oct 02, 2025
Excess Perms in Absolute Secure Access <14.10 Warehouse allows local file read CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.
Secure Access
CVE-2025-49084 Jul 31, 2025
Absolute Secure Access <=13.56 – Privilege Escalation via Policy Overwrite CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present, privileges required are high and no user interaction is required. There is no impact to confidentiality, the impact to integrity is low, and there is no impact to availability. The impact to confidentiality and availability of subsequent systems is high and the impact to the integrity of subsequent systems is low.
Secure Access
CVE-2025-54085 Jul 31, 2025
Absolute Secure Access <13.56 Priv Esc via Admin Console Bypass CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality and integrity is low, there is no impact to system availability.
Secure Access
CVE-2025-49083 Jul 31, 2025
Deserialization RCE in Absolute Secure Access Console (pre-13.56) CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsafe content to be deserialized and executed in the security context of the console. The attack complexity is low and there are no attack requirements. Privileges required are high and there is no user interaction required. The impact to confidentiality is low, impact to integrity is high and there is no impact to availability. The impact to the confidentiality and integrity of subsequent systems is low and there is no subsequent system impact to availability.
Secure Access
CVE-2025-49082 Jul 31, 2025
Priv Esc in Absolute Secure Access <13.56 via Console Permission Bypass CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, there is no impact to system availability or integrity.
Secure Access
CVE-2025-49081 Jun 12, 2025
Absolute Secure Access <13.55 Warehouse Input Validation DoS There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.
Secure Access
CVE-2025-49080 Jun 12, 2025
Absolute Secure Access Server 9.0-13.54 Memory Management DoS (Net) There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity.
Secure Access
CVE-2025-27702 May 28, 2025
Absolute Secure Access <=13.53: Permission Bypass in Admin Console CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high.
Secure Access
CVE-2025-27706 May 28, 2025
XSS in Absolute Secure Access Console prior to v13.54 CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrators use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability.
Secure Access
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.