CVE-2025-8296
Published 2025-08-12
Priority: P3 · 48 · high
CVSS 3.1: 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.02% (59.1th percentile)
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | avalanche | < 6.4.8.8008 | 6.4.8.8008 |
Ivanti
Ivanti Security Advisory: CVE-2025-8296
vendor_ivanti·2025-08-12·CVSS 7.2
CVE IDs: CVE-2025-8296
CVSS Base Score: 7.2
Severity: HIGH
CWEs: CWE-89
GHSA
GHSA-hg2r-4969-58rf: SQL injection in Ivanti Avalanche before version 6
ghsa_unreviewed·2025-08-12
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.