Primary

Context

Ivanti Avalanche Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in Ivanti Avalanche versions through 6.4.6. This vulnerability arises from an incomplete restriction of configuration, allowing remote authenticated attackers with admin privileges to execute arbitrary code.

Impact

Exploitation of this vulnerability allows for authenticated remote code execution on the affected system.

Remediation

Users can download the patched version 6.4.8.8008 from the Ivanti Avalanche Download Portal. It is recommended to back up the database and/or system image before performing the upgrade.

Added: Aug 12, 2025, 3:34 PM

Updated: Aug 12, 2025, 3:34 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.3

threat

0.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

4.4

remediation

7.7

relevance

0.3

threat

0.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ivanti Avalanche Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ivanti Avalanche

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating