Secure Access 13.56 is a maintenance release that addresses four security vulnerabilities that would allow administrators to bypass certain access controls or deserialize untrusted content.

The highest CVSS score of these four vulnerabilities is 7.0, High.

13.56 also addresses two third-party vulnerabilities from the Apache Software Foundation, CVE-2025-48976 and CVE-2025-48988. The Apache Software Foundation does not provide CVSS scores.

For v13.x customers: The attacks can be mitigated by installing the update from our download portal and following our recommendations for securely configuring network access to the administrative console.

For v12.x and v11.x customers: A security update is not planned. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.

Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 13.56.

For more information, contact securityresponse@absolute.com or nm-support@absolute.com.

CVEs for 13.56: