CVE-2025-5450
Published: 2025-07-08
Priority: P4 · 10 · low
CVSS 3.1: 2.7 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)
EPSS: 0.25% (16.1th percentile)
Improper access control in the certificate management component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated admin with read-only rights to modify settings that should be restricted.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | < 22.7 | 22.7 |
| ivanti | connect_secure | — | — |
| ivanti | policy_secure | < 22.7 | 22.7 |
| ivanti | policy_secure | — | — |
GHSA
GHSA-jm8p-8v2h-26pm: Improper access control in the certificate management component of Ivanti Connect Secure before version 22
ghsa_unreviewed·2025-07-08
CVE-2025-5450 [MEDIUM] CWE-602
Ivanti
Ivanti Security Advisory: CVE-2025-5450
vendor_ivanti·2025-07-08·CVSS 6.3
CVE IDs: CVE-2025-5450
CVSS Base Score: 6.3
Severity: MEDIUM
CWEs: CWE-602
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-08