← Voltar para CVEs
CVE-2025-0293
MEDIUM6.6
Descricao
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
Detalhes CVE
Pontuacao CVSS v3.16.6
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado7/8/2025
Ultima modificacao7/10/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
ivanti:connect_secureivanti:policy_secure
Fraquezas (CWE)
CWE-93
Referencias
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs(3c1d8aa1-5a33-4ea4-8992-aadd6440af75)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.