—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

Ivanti Connect Secure (ICS) versions prior to 22.7R2.7

Ivanti Policy Secure (IPS) versions prior to 22.7R1.4

Overview

Multiple vulnerabilities have been reported in Ivanti Connect Secure & Ivanti Policy Secure which could be exploited by an attacker to obtain sensitive information, disrupt services, or alter configuration files on the targeted system.

Target Audience:

Organizations & individuals using affected Ivanti products.

Risk Assessment:

Medium to high risk of unauthorized access, data exposure, or service disruption depending on the specific vulnerability exploited.

Impact Assessment:

Potential for exposure of sensitive data, unauthorized modification of configuration files, or denial-of-service conditions.

Description

Ivanti Connect Secure and Ivanti Policy Secure provide secure access and network access control solutions.

The reported vulnerabilities arise from issues including improper access control, stack-based buffer overflow, memory corruption, and cross-site scripting (XSS).

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, execute arbitrary code, or compromise system integrity.

Solution

Apply appropriate updates as mentioned in the Ivantis portal:

https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US&_gl=1*1j1b684*_gcl_au*OTAxMDYxMDE3LjE3NTE5ODQ2OTc

Vendor Information

Ivanti

https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US&_gl=1*1j1b684*_gcl_au*OTAxMDYxMDE3LjE3NTE5ODQ2OTc

References

 

https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US&_gl=1*1j1b684*_gcl_au*OTAxMDYxMDE3LjE3NTE5ODQ2OTc

CVE Name

CVE-2025-5450

CVE-2025-5451

CVE-2025-5463

CVE-2025-5464

CVE-2025-0293

CVE-2025-0292

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmh3sJkACgkQ3jCgcSdc

ys9UBg/+J4Rho2KWQlxA8TFWcQjKVP98vZb1quvNFiJSzcGAi5vFzA6KWSCNQTpn

2b+A89dJt3X3l2/OjNafwOCZgiiGhECPWlNCv7G0O+zcJkoYWtJl5U3RKcSkoYsp

53ETnht0nw+mIyjIvl7nNB7KkBVrAeYDITQPNGSc7zFplAiQPSrolroa8wQ/uMpr

xsqV9XNIMwBY12iT7T2IYz1Dd5S8TnPdKaqjiUCi8ij06q2daZlGN++RDzrPSX6E

cEuA8fOcBjQEj/F2vTyeE+wBlVafr+kAWbeLmV9oP5hOxNUIz0qVprcCwx+Ljvbb

9Oui+qgqQGh60MRb+9UsOaErmt+82N9zn+XGSfxgVNFwiZZYGJuNq38+G9VrLphA

HcNzO2WOteL07nS77JsB/OuZfDeSAZ+jFVOwnRBrNIrfMHaRjU9ORzz98CGK5Kzs

Cv/+KiUv7Hd3CPPtNVNHH5O9u1GVlGV1iPz++RUoymToQQjq7mh8xuT4Oi1QDZjV

OjPp2kNuUgSpC66r1IS7thADAKXOlUpSuVjmAoX8mcezprh83VgqX3qTa6VhYwAs

lTeWr6hNk2OqbUcy8dEiEGfj1/98T9m5RhIy+VOzyCxlDIDyquKiOKsMr+Ydp7GV

zo6HGmMhGTCX6I8GdZS2xJL1INk6o5vtWq1nqS2Gs9z5DHVQe50=

=MH48

—–END PGP SIGNATURE—–