February 12, 2025

Ivanti ICS, IPS, ISAC, CSA: Multiple Vulnerabilities Disclosed and Patched

Advisory
Kudelski Security Team

Summary

Ivanti has released security updates addressing nine vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Ivanti Secure Access Client (ISAC), and Ivanti Cloud Services Application (CSA). These flaws, which could lead to privilege escalation, arbitrary file reads, writes, and/or code execution, were identified in multiple versions of these products. Exploitation of one or more of these vulnerabilities could allow a remote attacker to gain full control of affected systems.

While there are no reports of these flaws being actively exploited, their potential for abuse is significant, especially given the history of Ivanti’s products being targeted by advanced threat actors. To mitigate these risks, Ivanti has recommended upgrading to the latest versions of the affected products.

Affected Systems and/or Applications

  • Ivanti Connect Secure (ICS): 22.7R2.5 and prior
  • Ivanti Policy Secure (IPS): 22.7R1.2 and prior
  • Ivanti Secure Access Client (ISAC): 22.7R4 and prior
  • Ivanti Cloud Services Application (CSA): 5.0.4 and prior

Technical Details / Attack Overview

While nine bugs have been disclosed as of the time of writing, the four most severe are as follows:

| CVE Number | Description | CVSS Score |
|---|---|---|
| CVE-2024-38657 | External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files. | 9.1 (Critical) |
| CVE-2025-22467 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. | 9.9 (Critical) |
| CVE-2024-10644 | Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) |
| CVE-2024-47908 | OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 9.1 (Critical) |

Mitigation

The vulnerabilities detailed in this advisory are resolved in the latest versions of the affected Ivanti products:

  • Ivanti Connect Secure: Version 22.7R2.6
  • Ivanti Policy Secure: Version 22.7R1.3
  • Ivanti Secure Access Client: Version 22.8R1
  • Ivanti Cloud Services Application: Version 5.0.5

These updated versions are available for download through the Ivanti portal (login required).
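
An added example (not from Ivanti or the original advisory) of checking an asset inventory against the fixed releases listed above. The `R`-style release strings do not sort correctly as plain strings, so the script parses them into numeric fields before comparing. The host names, inventory rows and the assumed shape of a version string are constructed for illustration.

```python
import re

# Fixed releases, taken from the Mitigation list in this advisory.
FIXED = {"ICS": "22.7R2.6", "IPS": "22.7R1.3", "ISAC": "22.8R1", "CSA": "5.0.5"}

def parse_version(text):
    """Turn '22.7R2.5' or '5.0.4' into a tuple of ints.

    Assumption: a release string is numeric fields separated by '.' or 'R',
    as in the versions quoted in the advisory. Anything else is rejected
    so it gets reviewed by hand instead of being silently misordered.
    """
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[.R]\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(field) for field in re.split(r"[.R]", text))

def needs_upgrade(product, installed):
    """True if `installed` is older than the fixed release for `product`."""
    fixed, have = parse_version(FIXED[product]), parse_version(installed)
    width = max(len(fixed), len(have))  # pad so '22.8R1' == '22.8R1.0'
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) < pad(fixed)

def audit(inventory):
    """Split (host, product, version) rows into (to_patch, to_review)."""
    to_patch, to_review = [], []
    for host, product, version in inventory:
        try:
            if needs_upgrade(product, version):
                to_patch.append((host, product, version, FIXED[product]))
        except (KeyError, ValueError):
            to_review.append((host, product, version))
    return to_patch, to_review

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("vpn-01.example.internal", "ICS", "22.7R2.5"),   # below fixed release
    ("vpn-02.example.internal", "ICS", "22.7R2.10"),  # newer; a string compare gets this wrong
    ("nac-01.example.internal", "IPS", "22.7R1.3"),   # already at fixed release
    ("csa-01.example.internal", "CSA", "5.0.4"),
    ("lap-17.example.internal", "ISAC", "22.7R4"),
    ("vpn-03.example.internal", "ICS", "unknown"),    # unparseable, goes to review
]

if __name__ == "__main__":
    patch, review = audit(SAMPLE)
    for row in patch:
        print("UPGRADE %s: %s %s -> %s" % row)
    for row in review:
        print("REVIEW  %s: %s %s" % row)
```

Rows that land in the review list should be checked by hand rather than assumed patched.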

What the Cyber Fusion Center is Doing

The CFC will continue to monitor the situation and send an advisory update if needed. Clients subscribed to our vulnerability scan services will receive relevant results if critical vulnerabilities are found within the scope of the scans as soon as a relevant plugin is made available by the scan provider.
