Multiple Vulnerabilities Addressed in Secure Access 14.10 Server, Secure Access 14.10, and Insights for Network 4.30
Secure Access 14.10 is a feature release that supports faster throughput on faster networks, Android 16, and has numerous other quality-of-life improvements. It also addresses four security vulnerabilities in Secure Access the most severe of which is rated 5.5 – Medium. In addition, v14.10 addresses 14 vulnerabilities in third-party packages from the Apache foundation, Amazon Corretto, the OpenSSL foundation, and the Libarchive project. The most severe of the third-party vulnerabilities is scored 8.6 - High.
Insights for Network 4.30 is a feature release that includes numerous dashboard and performance enhancements and addresses two security issues in Splunk, the most severe of which is rated 9.8 – Critical.
Secure Access Vulnerabilities Addressed in v14.10:
The highest CVESS score of these vulnerabilities is rated 5.5 – Medium.
In addition, v14.10 addresses 14 vulnerabilities in third-party packages from the Apache foundation, Amazon Corretto, the OpenSSL foundation, and the Libarchive project. The most severe of the third-party vulnerabilities is scored 8.6 - High.
For v13.x customers: The attacks can be mitigated by installing the update from our download portal and following our recommendations for securely configuring network access to the administrative console.
For v12.x and v11.x customers: A security update is not planned. Please upgrade to the most recent Secure Access version to maximize the security posture of your deployment.
Absolute recommends that customers schedule a maintenance window to update their Secure Access servers to 14.10.
For more information, contact securityresponse@absolute.com or nm-support@absolute.com.
CVES for 14.10:
- CVE-2025-54086 - 5.3 - Medium
- CVE-2025-54087 - 1.8 Low
- CVE-2025-54088 - 5.5 Medium
- CVE-2025-54089 - 4.6 Medium
Third-party CVEs addressed in 14.10:
CVE-2024-48958, CVE-2024-26256, CVE-2024-48615, CVE-2024-48957, CVE-2024-57970, CVE-2025-25724, CVE-2025-0664, CVE-2025-50059, CVE-2025-30749, CVE-2025-50106, CVE-2025-30761, CVE-2025-30754, CVE-2025-48924, CVE-2025-52520
Third-party CVEs addressed in Insights for Network 4.30