Primary

Context

Ivanti Connect Secure and Policy Secure Arbitrary File Write Vulnerability

Vulnerability

Patched

A vulnerability allowing external control of file names has been identified in Ivanti Connect Secure versions prior to 22.7R2.4 and Ivanti Policy Secure versions prior to 22.7R1.3. This vulnerability allows remote authenticated attackers with admin privileges to write arbitrary files on the server.

Impact

Exploitation of this vulnerability could lead to unauthorized file writing, potentially allowing for further exploitation or disruption of the application.

Remediation

Users can upgrade to Ivanti Connect Secure 22.7R2.6 or Ivanti Policy Secure 22.7R1.3. Instructions for downloading these versions are available on the Ivanti Download Portal.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Connect Secure and Policy Secure Arbitrary File Write Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ivanti Connect Secure

Ivanti Policy Secure

Ivanti Secure Access Client

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating