Ivanti Connect Secure and Ivanti Policy Secure CRLF Injection Vulnerability

Vulnerability

A CRLF (carriage return, line feed) injection vulnerability has been identified in Ivanti Connect Secure (ICS) versions through 22.7R2.7 and Ivanti Policy Secure (IPS) versions through 22.7R1.4. This vulnerability allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.

Impact

Exploitation of this vulnerability allows for unauthorized modification of protected configuration files, which could lead to further security issues or misconfigurations.

Remediation

Users can upgrade to Ivanti Connect Secure version 22.7R2.8 or Ivanti Policy Secure version 22.7R1.5. These versions are available on the Ivanti Download Portal.
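The following is an added example, not Ivanti's tooling or part of the original advisory: a version check that triages an appliance inventory against the fixed releases named above. It assumes version strings follow the `<major>.<minor>R<release>[.<patch>]` shape seen on this page and that a missing patch level counts as 0; the host names and the inventory rows (including `22.7R2.10`) are constructed.

```python
import re

# Fixed releases as stated in the advisory; anything older is treated as affected.
FIXED = {"ICS": "22.7R2.8", "IPS": "22.7R1.5"}

# Assumed version shape: <major>.<minor>R<release>[.<patch>]
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Turn '22.7R2.7' into (22, 7, 2, 7); a missing patch level counts as 0."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(product, version):
    # Numeric tuple comparison; plain string comparison would misorder
    # '22.7R2.10' before '22.7R2.8'.
    return parse_version(version) < parse_version(FIXED[product])


def triage(inventory):
    """Return (host, status) pairs; status is 'affected', 'fixed' or 'unknown'."""
    results = []
    for host, product, version in inventory:
        try:
            status = "affected" if is_affected(product, version) else "fixed"
        except (KeyError, ValueError):
            status = "unknown"  # unlisted product or unparsable version: check by hand
        results.append((host, status))
    return results


# Constructed sample inventory: (host, product, reported version)
INVENTORY = [
    ("vpn-gw-01", "ICS", "22.7R2.7"),
    ("vpn-gw-02", "ICS", "22.7R2.8"),
    ("vpn-gw-03", "ICS", "22.7R2.10"),
    ("nac-01", "IPS", "22.7R1.4"),
    ("nac-02", "IPS", "22.7R1.5"),
    ("vpn-gw-04", "ICS", "9.1R18"),
    ("lab-01", "ICS", "unknown-build"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host:10} {status}")
```

Hosts reported as `unknown` should be checked manually rather than assumed patched.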

Added: Jul 8, 2025, 5:10 PM
Updated: Jul 8, 2025, 5:10 PM

Vulnerability Rating

Custom Algorithm

Spread: 3.4
Impact: 2.5
Exploitability: 5.0
Remediation: 7.7
Relevance: 0.2
Threat: 0.0
Urgency: 2.9
Incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.