← Back

CVE-2025-22454

nvd nist
Published: Mar 11, 2025Modified: Jul 16, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 (Secondary)

Description

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

Affected (6)

Ivanti
1 product
Secure Access Client
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Ivanti
Secure Access Client
Before 22.7
Secure Access Client
Version 22.7
Secure Access Client
Version 22.7 r1.1
Secure Access Client
Version 22.7 r1
Secure Access Client
Version 22.7 r2
Secure Access Client
Version 22.7 r3

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Vendor Advisory

Timeline

No history available yet.