CVE-2025-22454

Published Mar 11, 2025

Last updated a month ago

CVSS high 7.8

Overview

Description
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
Source
3c1d8aa1-5a33-4ea4-8992-aadd6440af75
NVD status
Analyzed
Products
secure_access_client

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

3c1d8aa1-5a33-4ea4-8992-aadd6440af75
CWE-732

Social media

Hype score
Not currently trending

  1. Ivanti has patched a critical privilege escalation vulnerability (CVE-2025-22454) in its Secure Access Client. Update now to prevent unauthorized system access. Details: https://t.co/LEFfRiTjJW #CVE-2025-22454

    @RedTeamNewsBlog

    24 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Ivanti disclosed a privesc vuln I found on their Secure Access Client VPN (ISAC) marked CVE-2025-22454 🔥🔥 https://t.co/wXLIcrprCK

    @mansk1es

    21 Mar 2025

    328 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  3. CVE-2025-22454 Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. https://t.co/uPfZDy74MI

    @CVEnew

    11 Mar 2025

    241 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.