By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Hardcoded Cryptographic key in Ivanti Workspace Control
CVSS Score: 8.8 (High)
Identifier: CVE-2025-5353
Exploit or POC: No exploits or proof of concepts publicly reported at this time
Update: CVE-2025-5353 – Ivanti Security Advisory
Description: CVE-2025-5353 is a high-severity vulnerability affecting Ivanti Workspace Control. It arises from a hardcoded key in Ivanti Workspace Control before version 10.19.10.0, which allows a local authenticated attacker to decrypt stored SQL credentials.
Mitigation Recommendation: Ivanti has released patches to address this vulnerability. Organizations using affected versions should upgrade immediately to prevent unauthorized access.
Hardcoded Cryptographic key in Ivanti Workspace Control
CVSS Score: 8.8 (High)
Identifier: CVE-2025-22455
Exploit or POC: No exploits or proof of concepts publicly reported at this time
Update: CVE-2025-22455 – Ivanti Security Advisory
Description: CVE-2025-22455 is a high-severity vulnerability affecting Ivanti Workspace Control. It arises from a hardcoded key in Ivanti Workspace Control before version 10.19.10.0, which allows a local authenticated attacker to decrypt stored SQL credentials.
Mitigation Recommendation: Ivanti has released patches to address this vulnerability. Organizations using affected versions should upgrade immediately to prevent unauthorized access.
Hardcoded Cryptographic key in Ivanti Workspace Control
CVSS Score: 7.3 (High)
Identifier: CVE-2025-22463
Exploit or POC: No exploits or proof of concepts publicly reported at this time
Update: CVE-2025-22463 – Ivanti Security Advisory
Description: CVE-2025-22463 is a high-severity vulnerability affecting Ivanti Workspace Control. It arises from a hardcoded key in Ivanti Workspace Control before version 10.19.0.0, which allows a local authenticated attacker to decrypt the stored environment password.
Mitigation Recommendation: Ivanti has released patches to address this vulnerability. Organizations using affected versions should upgrade immediately to prevent unauthorized access.
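For patch triage, the "before version" thresholds in the three entries above can be checked against an inventory export. The following is an added example, not RedLegg's or Ivanti's code: the function names, hostnames and sample versions are constructed, and it assumes the installed version is reported as a dotted numeric string.

```python
# Added example: thresholds are the "before version X" values stated in this bulletin.
FIXED_IN = {
    "CVE-2025-5353": "10.19.10.0",
    "CVE-2025-22455": "10.19.10.0",
    "CVE-2025-22463": "10.19.0.0",
}


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_before(installed, fixed):
    """Numeric compare, zero-padding the shorter tuple (10.19 == 10.19.0.0)."""
    width = max(len(installed), len(fixed))
    a = installed + (0,) * (width - len(installed))
    b = fixed + (0,) * (width - len(fixed))
    return a < b  # a string compare would wrongly rank 10.19.9.0 above 10.19.10.0


def affected_cves(version_text):
    """CVEs from this bulletin that apply to one version; None if unparseable."""
    installed = parse_version(version_text)
    if installed is None:
        return None  # flag for manual review, never assume patched
    return sorted(cve for cve, fixed in FIXED_IN.items()
                  if is_before(installed, parse_version(fixed)))


def triage(inventory):
    """inventory: iterable of (host, version). Returns {host: CVE list or 'REVIEW'}."""
    report = {}
    for host, version in inventory:
        cves = affected_cves(version)
        report[host] = "REVIEW" if cves is None else cves
    return report


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [("ws-001", "10.18.40.0"), ("ws-002", "10.19.9.0"),
          ("ws-003", "10.19.10.0"), ("ws-004", "unknown")]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

A host between the two thresholds, such as the constructed 10.19.9.0, is reported for the two SQL-credential CVEs but not for CVE-2025-22463.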