Vulnerability Details CVE-2025-5450
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.1%
CVSS Severity
CVSS v3 Score 6.3
Products affected by CVE-2025-5450
-
cpe:2.3:a:ivanti:connect_secure:-
-
cpe:2.3:a:ivanti:connect_secure:21.12
-
cpe:2.3:a:ivanti:connect_secure:21.9
-
cpe:2.3:a:ivanti:connect_secure:22.1
-
cpe:2.3:a:ivanti:connect_secure:22.2
-
cpe:2.3:a:ivanti:connect_secure:22.3
-
cpe:2.3:a:ivanti:connect_secure:22.4
-
cpe:2.3:a:ivanti:connect_secure:22.5
-
cpe:2.3:a:ivanti:connect_secure:22.6
-
cpe:2.3:a:ivanti:connect_secure:22.7
-
cpe:2.3:a:ivanti:connect_secure:7.1
-
cpe:2.3:a:ivanti:connect_secure:7.4
-
cpe:2.3:a:ivanti:connect_secure:8.0
-
cpe:2.3:a:ivanti:connect_secure:8.1
-
cpe:2.3:a:ivanti:connect_secure:8.2
-
cpe:2.3:a:ivanti:connect_secure:8.3
-
cpe:2.3:a:ivanti:connect_secure:9.0
-
cpe:2.3:a:ivanti:connect_secure:9.1
-
cpe:2.3:a:ivanti:policy_secure:-
-
cpe:2.3:a:ivanti:policy_secure:22.1
-
cpe:2.3:a:ivanti:policy_secure:22.2
-
cpe:2.3:a:ivanti:policy_secure:22.3
-
cpe:2.3:a:ivanti:policy_secure:22.4
-
cpe:2.3:a:ivanti:policy_secure:22.5
-
cpe:2.3:a:ivanti:policy_secure:22.6
-
cpe:2.3:a:ivanti:policy_secure:22.7
-
cpe:2.3:a:ivanti:policy_secure:9.0
-
cpe:2.3:a:ivanti:policy_secure:9.1