Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN429
_____________________________________________________________________

DATE                : 09/07/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Ivanti Connect Secure (ICS)
                          versions prior to 22.7R2.8,
               Ivanti Policy Secure (IPS) versions prior to 22.7R1.5.

=====================================================================
https://forums.ivanti.com/s/article/July-Security-Advisory-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Multiple-CVEs?language=en_US
_____________________________________________________________________

July Security Advisory Ivanti Connect Secure and Ivanti Policy Secure
(Multiple CVEs)

Primary Product
Connect-Secure

Created Date
Jul 8, 2025 1:58:23 PM

Last Modified Date
Jul 8, 2025 1:58:23 PM


Ivanti has released updates for Ivanti Connect Secure (ICS) and Ivanti
Policy Secure (IPS), which address medium severity vulnerabilities.

We are not aware of any customers being exploited by these
vulnerabilities at the time of disclosure.

 
Vulnerability Details:

CVE Number   Description  CVSS Score (Severity)    CVSS Vector   CWE

CVE-2025-5450    Improper access control in the certificate management
component of Ivanti Connect Secure before version 22.7R2.8 and Ivanti
Policy Secure before version 22.7R1.5 allows a remote authenticated
admin with read-only rights to modify settings that should be
restricted.
6.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-602

CVE-2025-5451    A stack-based buffer overflow in Ivanti Connect
Secure before version 22.7R2.8 and Ivanti Policy Secure before
version 22.7R1.5 allows a remote authenticated attacker with admin
rights to trigger a denial of service.
4.9 (Medium)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-121

CVE-2025-5463    Insertion of sensitive information into a log file
in Ivanti Connect Secure before version 22.7R2.8 and
Ivanti Policy Secure before version 22.7R1.5 allows a local
authenticated attacker to obtain that information.
5.5 (Medium)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-532

CVE-2025-5464    Insertion of sensitive information into a log file
in Ivanti Connect Secure before version 22.7R2.8 allows a local
authenticated attacker to obtain that information.
6.5 (Medium)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-532

CVE-2025-0293    CLRF injection in Ivanti Connect Secure before
version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5
allows a remote authenticated attacker with admin rights to write
to a protected configuration file on disk.
6.6(Medium)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CWE-93

CVE-2025-0292    SSRF in Ivanti Connect Secure before version
22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows
a remote authenticated attacker with admin rights to access
internal network services.
5.5(Medium)
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
CWE-918


Affected Versions

Product Name   Affected Version(s)   Resolved Version(s)
Patch Availability

Ivanti Connect Secure (ICS)   22.7R2.7 and prior   22.7R2.8
Download Portal
https://portal.ivanti.com/

Ivanti Policy Secure (IPS)    22.7R1.4 and prior   22.7R1.5
Download Portal
https://portal.ivanti.com/

 
Solution

These vulnerabilities are resolved on the latest version of
the product and can be accessed in the download portal
(Login Required):

    Ivanti Connect Secure 22.7R2.8
    Ivanti Policy Secure 22.7R1.5

 

 

FAQ

    Are you aware of any active exploitation of these
vulnerabilities?
    We are not aware of any customers being exploited by
these vulnerabilities prior to public disclosure. These
vulnerabilities were discovered internally or disclosed
through our responsible disclosure program.

    How can I tell if I have been compromised?
    Currently, there is no known public exploitation of
these vulnerabilities that could be used to provide a list
of indicators of compromise.

    What should I do if I need help? 

    If you have questions after reviewing this information,
you can log a case and/or request a call via the Success
Portal

    Are Ivanti Neurons for ZTA or Ivanti Neurons for
Secure Access affected by these vulnerabilities?
    No. The cloud versions of these solutions do not contain
these vulnerabilities.

    Are any of these vulnerability fixes backported to any
of the 9.x versions?
    No. The Pulse Connect Secure 9.x version of the product
reached End of Engineering June 2024 and has reached End-of-Support
as of December 31, 2024. Because of this, the 9.x version of
Connect Secure no longer receives backported fixes. We strongly
encourage customers to upgrade to Ivanti Connect Secure and remain
on the latest version to benefit from important security updates
that we have made throughout the solution.

Article Number :
000100712

Article Promotion Level
Normal

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================