- 39/2025
- Critical
Ivanti has released security updates to fix several critical vulnerabilities across multiple Ivanti products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
Ivanti Connect Secure (ICS) Code Execution Vulnerability (CVE-2025-22467):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
The affected products:
- Ivanti CSA 5.0.4 and prior.
- Ivanti Neurons for MDM (N-MDM) R108 and prior.
- Ivanti Connect Secure (ICS) 22.7R2.5 and below.
- Ivanti Policy Secure (IPS) 22.7R1.2 and below.
- Ivanti Secure Access Client (ISAC) 22.7R4 and below.
Vulnerabilities
- CVE-2024-47908
- CVE-2024-11771
- CVE-2024-38657
- CVE-2025-22467
- CVE-2024-10644
- CVE-2024-12058
- CVE-2024-13830
- CVE-2024-13842
- CVE-2024-13843
- CVE-2024-13813
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.