Connect Secure Security Vulnerabilities and Issues — Connect Secure CVE List

Lucene search

IvantiConnect Secure

6 matches found

CVE•added 2025/07/08 4:15 p.m.•9 views

CVE-2025-5464

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

6.5CVSS5.7AI score0.00028EPSS

CVE•added 2025/07/08 3:15 p.m.•7 views

CVE-2025-5451

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

4.9CVSS7.3AI score0.00215EPSS

CVE•added 2025/07/08 4:15 p.m.•6 views

CVE-2025-0292

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

5.5CVSS6.3AI score0.00106EPSS

CVE•added 2025/07/08 4:15 p.m.•6 views

CVE-2025-0293

CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

6.6CVSS6.6AI score0.00034EPSS

CVE•added 2025/07/08 3:15 p.m.•6 views

CVE-2025-5450

Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.

6.3CVSS6.8AI score0.00107EPSS

CVE•added 2025/07/08 3:15 p.m.•5 views

CVE-2025-5463

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

5.5CVSS6.3AI score0.00029EPSS