PT-2025-24665 · Ivanti · Ivanti Workspace Control

Published

2025-06-10

Updated

2025-06-13

CVE-2025-22463

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions Ivanti Workspace Control versions prior to 10.19.10.0

Description A hardcoded key in the software allows a local authenticated attacker to decrypt the stored environment password. This issue enables an attacker with local access to potentially gain unauthorized access to sensitive information.

Recommendations For versions prior to 10.19.10.0, update to version 10.19.10.0 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321

Related Identifiers

CVE-2025-22463

Affected Products

Ivanti Workspace Control

PT-2025-24665 · Ivanti · Ivanti Workspace Control

CVE-2025-22463

Weakness Enumeration

Related Identifiers

Affected Products

References · 11