Multiple Vulnerabilities in Ivanti Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Ivanti Workspace Control (IWC) versions 10.19.0.0 and prior

Overview

Multiple vulnerabilities have been reported in Ivanti Workspace Control (IWC), which could allow an authenticated attacker to access and decrypt sensitive credentials stored on the targeted system.

Target Audience:

Organizations and individuals using affected Ivanti products.

Impact Assessment:

Potential for unauthorised access to the environment and database credentials stored in the system.

Risk Assessment:

High risk of sensitive information disclosure.

Description

Ivanti Workspace Control (IWC) is a software solution designed to help IT administrators manage and secure user workspaces across physical, virtual, and cloud environments. It enables personalised, secure desktop experiences while optimising IT operations.

Multiple vulnerabilities exist in IWC due to improper credential storage practices, including the use of hardcoded encryption keys. These flaws may allow low-privileged authenticated users to access and decrypt the environment or SQL credentials stored in the system.

Successful exploitation of these vulnerabilities could allow an authenticated attacker to access and decrypt sensitive credentials stored on the targeted system.

Solution

Apply appropriate fixes issued by the vendor.

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455?language=en_US

Vendor Information

Ivanti

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455?language=en_US

References

Ivanti

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Workspace-Control-CVE-2025-5353-CVE-CVE-2025-22463-CVE-2025-22455?language=en_US

CVE Name

CVE-2025-5353

CVE-2025-22463

CVE-2025-22455