CVE-2025-0292 — Server-Side Request Forgery in Ivanti Connect Secure
Severity
4.9MEDIUMNVD
CNA5.5
EPSS
0.7%
top 27.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 8
Description
SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6