CVE-2025-5450

Published: Jul 8, 2025Modified: Jul 15, 2025

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

Affected (23)

Products: Ivanti: Connect Secure, Policy Secure

Ivanti

2 products

Connect Secure

Policy Secure

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Ivanti Connect Secure	Before 22.7
Ivanti Connect Secure	Version 22.7
Ivanti Connect Secure	Version 22.7 r1.1
Ivanti Connect Secure	Version 22.7 r1.2
Ivanti Connect Secure	Version 22.7 r1.3
Ivanti Connect Secure	Version 22.7 r1.4
Ivanti Connect Secure	Version 22.7 r1.5
Ivanti Connect Secure	Version 22.7 r1
Ivanti Connect Secure	Version 22.7 r2.1
Ivanti Connect Secure	Version 22.7 r2.2
Ivanti Connect Secure	Version 22.7 r2.3
Ivanti Connect Secure	Version 22.7 r2.4
Ivanti Connect Secure	Version 22.7 r2.5
Ivanti Connect Secure	Version 22.7 r2.6
Ivanti Connect Secure	Version 22.7 r2.7
Ivanti Connect Secure	Version 22.7 r2
Ivanti Policy Secure	Before 22.7
Ivanti Policy Secure	Version 22.7
Ivanti Policy Secure	Version 22.7 r1.1
Ivanti Policy Secure	Version 22.7 r1.2
Ivanti Policy Secure	Version 22.7 r1.3
Ivanti Policy Secure	Version 22.7 r1.4
Ivanti Policy Secure	Version 22.7 r1

Related CWEs

CWE-602

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (1)

https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs

Source: 3c1d8aa1-5a33-4ea4-8992-aadd6440af75

Vendor Advisory

Timeline

No history available yet.