{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-49081","assignerOrgId":"b6533044-ea05-4482-8458-7bddeca0d079","state":"PUBLISHED","assignerShortName":"Absolute","dateReserved":"2025-05-30T18:23:44.238Z","datePublished":"2025-06-12T17:25:47.812Z","dateUpdated":"2025-06-12T17:59:46.307Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"Warehouse","product":"Secure Access","vendor":"Absolute Security","versions":[{"lessThan":"13.55","status":"affected","version":"0","versionType":"Server"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh.</p>"}],"value":"There is an insufficient input validation vulnerability in the warehouse\ncomponent of Absolute Secure Access prior to server version 13.55. Attackers\nwith system administrator permissions can impair the availability of the Secure\nAccess administrative UI by writing invalid data to the warehouse over the\nnetwork. The attack complexity is low, there are no attack requirements,\nprivileges required are high, and there is no user interaction required. There\nis no impact on confidentiality or integrity; the impact on availability is\nhigh."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"b6533044-ea05-4482-8458-7bddeca0d079","shortName":"Absolute","dateUpdated":"2025-06-12T17:25:47.812Z"},"references":[{"url":"https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-49081"}],"source":{"discovery":"UNKNOWN"},"title":"Input validation vulnerability in the Secure Access prior to version 13.55","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-20","lang":"en","description":"CWE-20 Improper Input Validation"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-12T17:58:19.597138Z","id":"CVE-2025-49081","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-12T17:59:46.307Z"}}]}}