← Retour aux CVEs
CVE-2025-0293
MEDIUM6.6
Description
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Details CVE
Score CVSS v3.16.6
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie7/8/2025
Derniere modification7/10/2025
Sourcenvd
Observations honeypot0
Produits affectes
ivanti:connect_secureivanti:policy_secure
Faiblesses (CWE)
CWE-93
References
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.