[CIVN-2025-0145] Multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure
Indian - Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
Ivanti Connect Secure (ICS) versions prior to 22.7R2.7
Ivanti Policy Secure (IPS) versions prior to 22.7R1.4
Overview
Multiple vulnerabilities have been reported in Ivanti Connect Secure & Ivanti Policy Secure which could be exploited by an attacker to obtain sensitive information, disrupt services, or alter configuration files on the targeted system.
Target Audience:
Organizations & individuals using affected Ivanti products.
Risk Assessment:
Medium to high risk of unauthorized access, data exposure, or service disruption depending on the specific vulnerability exploited.
Impact Assessment:
Potential for exposure of sensitive data, unauthorized modification of configuration files, or denial-of-service conditions.
Description
Ivanti Connect Secure and Ivanti Policy Secure provide secure access and network access control solutions.
The reported vulnerabilities arise from issues including improper access control, stack-based buffer overflow, memory corruption, and cross-site scripting (XSS).
Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, execute arbitrary code, or compromise system integrity.
Solution
Apply the appropriate updates as mentioned on Ivanti's portal:
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US&_gl=1*1j1b684*_gcl_au*OTAxMDYxMDE3LjE3NTE5ODQ2OTc
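To find which appliances still need the update, the following added example (not part of the CERT-In advisory or any Ivanti tooling) triages an inventory against the fixed versions listed under Software Affected. It assumes version strings follow the layout <major>.<minor>R<release>[.<patch>] and that "prior to" means a lower numeric tuple; the function names, hostnames and sample versions are constructed for illustration.

```python
import re

# Fixed versions taken from the "Software Affected" section of this advisory.
FIXED = {"ICS": "22.7R2.7", "IPS": "22.7R1.4"}

# Assumed version layout: <major>.<minor>R<release>[.<patch>], e.g. 22.7R2.7
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, release, patch) as ints; a missing patch is 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(product, version):
    """True when `version` is older than the fixed release for `product`."""
    return parse_version(version) < parse_version(FIXED[product.upper()])


def triage(inventory):
    """Split (host, product, version) rows into affected, ok and unparsed."""
    result = {"affected": [], "ok": [], "unparsed": []}
    for host, product, version in inventory:
        try:
            bucket = "affected" if is_affected(product, version) else "ok"
        except (ValueError, KeyError):
            bucket = "unparsed"  # unknown product or odd version: review by hand
        result[bucket].append(host)
    return result


# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("vpn-gw-01", "ICS", "22.7R2.6"),
    ("vpn-gw-02", "ICS", "22.7R2.7"),
    ("vpn-gw-03", "ICS", "22.7R2.10"),  # numeric compare: 10 > 7
    ("nac-01", "IPS", "22.7R1.3"),
    ("nac-02", "IPS", "22.7R1.4"),
    ("vpn-gw-04", "ICS", "22.7R2"),     # no patch component, treated as .0
    ("vpn-lab", "ICS", "unknown"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unparsed" should be checked by hand rather than assumed patched.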
Vendor Information
Ivanti
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US&_gl=1*1j1b684*_gcl_au*OTAxMDYxMDE3LjE3NTE5ODQ2OTc
References
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US&_gl=1*1j1b684*_gcl_au*OTAxMDYxMDE3LjE3NTE5ODQ2OTc
CVE Name
CVE-2025-5450
CVE-2025-5451
CVE-2025-5463
CVE-2025-5464
CVE-2025-0293
CVE-2025-0292
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003