ivanti

496 tracked vulnerabilities.

CVE-2025-55144 MEDIUM
Ivanti Connect Secure <22.7R2.9,22.8R2 - Privilege Escalation
Sep 09, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-55143 MEDIUM
Ivanti Connect Secure <22.7R2.9,22.8R2 - Info Disclosure
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-55142 HIGH
Ivanti Connect Secure <22.7R2.9,22.8R2 - Auth Bypass
Sep 09, 2025
CVSS 8.8
EPSS 0.04
CVE-2025-55141 HIGH
Ivanti Connect Secure <22.7R2.9,22.8R2 - Auth Bypass
Sep 09, 2025
CVSS 8.8
EPSS 0.04
CVE-2025-55139 MEDIUM
Ivanti Connect Secure <22.7R2.9,22.8R2 - SSRF
Sep 09, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-8310 MEDIUM
Ivanti Virtual Application Delivery Controller < 22.9 - Authenticated Account Takeover via Admin Password Reset
Aug 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-8297 HIGH
Ivanti Avalanche < 6.4.8.8008 - Authenticated Remote Code Execution via Unrestricted File Upload
Aug 12, 2025
CVSS 7.2
EPSS 0.11
CVE-2025-8296 HIGH
Ivanti Avalanche < 6.4.8.8008 - Authenticated SQL Injection
Aug 12, 2025
CVSS 7.2
EPSS 0.07
CVE-2025-5468 MEDIUM
Ivanti Connect Secure <22.7R2.8, Policy Secure <22.7R1.5, ZTA Gatew...
Aug 12, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-5466 MEDIUM
Ivanti Connect Secure < 22.7 - Authenticated Denial of Service via XML Entity Expansion
Aug 12, 2025
CVSS 4.9
EPSS 0.01
CVE-2025-5462 HIGH
Ivanti Connect Secure < 22.7 - Unauthenticated Heap-based Buffer Overflow
Aug 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-5456 HIGH
Ivanti Connect Secure - Buffer Over-read Denial of Service
Aug 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6771 HIGH
Ivanti Endpoint Manager Mobile < 12.3.0.3 - Authenticated Remote Code Execution via OS Command Injection
Jul 08, 2025
CVSS 7.2
EPSS 0.24
CVE-2025-5464 MEDIUM
Ivanti Connect Secure <22.7R2.8 - Info Disclosure
Jul 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0293 MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.8-22.7R1.5 - Code Injection
Jul 08, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-0292 MEDIUM
Ivanti Connect Secure <22.7R2.8 - SSRF
Jul 08, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-7037 HIGH
Ivanti Endpoint Manager < 2024 SU3 and < 2022 SU8 Security Update 1 - Authenticated SQL Injection
Jul 08, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-6996 HIGH
Ivanti Endpoint Manager <2024 SU3, 2022 SU8 SU1 - Info Disclosure
Jul 08, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-6995 HIGH
Ivanti Endpoint Manager <2024 SU3, 2022 SU8 SU1 - Info Disclosure
Jul 08, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-6770 HIGH
Ivanti Endpoint Manager Mobile < 12.5.0.2 - Authenticated Remote Code Execution via OS Command Injection
Jul 08, 2025
CVSS 7.2
EPSS 0.15
CVE-2025-5463 MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.8/<22.7R1.5 - Info Disclosure
Jul 08, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-5451 MEDIUM
Ivanti Connect Secure <22.7R2.8 - Ivanti Policy Secure <22.7R1.5 - DoS
Jul 08, 2025
CVSS 4.9
EPSS 0.01
CVE-2025-5450 MEDIUM
Ivanti Connect/Ivanti Policy <22.7R2.8/<22.7R1.5 - Privilege Escala...
Jul 08, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-5353 HIGH
Ivanti Workspace Control <10.19.10.0 - Info Disclosure
Jun 10, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-22463 HIGH
Ivanti Workspace Control <10.19.10.0 - Info Disclosure
Jun 10, 2025
CVSS 7.3
EPSS 0.00
Products
connect_secure 130 avalanche 117 endpoint_manager 116 policy_secure 77 endpoint_manager_mobile 28 workspace_control 22 secure_access_client 20 zero_trust_access_gateway 17 neurons_for_secure_access 15 cloud_services_appliance 7 Endpoint Manager Mobile 6 desktop_\&_server_management 6 landesk_management_suite 6 neurons_for_itsm 6 endpoint_manager_cloud_services_appliance 5 neurons_for_zero-trust_access 5 Endpoint Manager 3 Secure Access Client 3 incapptic_connect 3 security_controls 3 Connect Secure 2 Neurons for ITSM (Cloud) 2 Neurons for ITSM (On-Premise) 2 application_control 2 automation 2 mobileiron 2 standalone_sentry 2 virtual_traffic_manager 2 LANDesk Management Suite 1 Policy Secure 1
Quick Filters
Critical CVEs With Exploits In CISA KEV