Ivanti Virtual Application Delivery Controller Missing Authorization Vulnerability Allowing Admin Account Takeover

Vulnerability

A vulnerability in the admin console of Ivanti Virtual Application Delivery Controller (vADC) prior to version 22.9 allows remote authenticated attackers to take over admin accounts by resetting passwords. This issue arises from missing authorization checks, enabling unauthorized password resets.

Impact

Exploitation of this vulnerability could lead to unauthorized password resets, allowing attackers to gain control of admin accounts.

Remediation

Users can upgrade to Ivanti Virtual Application Delivery Controller version 22.9, available on the Ivanti Download Portal. It is also recommended to restrict admin access to the management interface to the internal network.

Added: Aug 12, 2025, 3:33 PM
Updated: Aug 12, 2025, 3:33 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.