anonhaven
Ad

CVE-2025-22454

HIGH CVSS 3.1: 7.8 EPSS 0.19%
Updated Jul 16, 2025
Ivanti
Parameter Value
CVSS 7.8 (HIGH)
Affected Versions before 22.7
Fixed In 22.7
Type CWE-732 (Incorrect Permission Assignment)
Vendor Ivanti
Public PoC No

Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-732 Incorrect Permission Assignment

Vulnerable Products 6

Configuration From (including) Up to (excluding)
Ivanti Secure_Access_Client
cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*
 22.7
Ivanti Secure_Access_Client
cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*
Ivanti Secure_Access_Client
cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*
Ivanti Secure_Access_Client
cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*
Ivanti Secure_Access_Client
cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*
Ivanti Secure_Access_Client
cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*

References 1

https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Acces…
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1281

Ivanti

9.8

CVE-2025-10918

Ivanti

7.1

CVE-2024-38657

Ivanti

4.9

CVE-2025-22467

Ivanti

8.8

CVE-2024-47908

Ivanti

7.2