Excess Perms in Absolute Secure Access <14.10 Warehouse allows local file read
CVE-2025-54086 Published on October 2, 2025
Excess Permissions in Warehouse
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2025-54086
Want to know whenever a new CVE is published for Absolute Secure Access? stack.watch will email you.
Affected Versions
Absolute Security Secure Access:- Before <14.10 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.