Privilege Escalation Vulnerability in Ivanti Secure Access Client
CVE-2025-22454

7.8HIGH

Key Information:

Vendor: Ivanti
Status: Secure Access Client
Vendor: CVE Published:; 11 March 2025

Summary

A security flaw has been identified in the Ivanti Secure Access Client prior to version 22.7R4, where insufficiently restrictive permissions can be exploited by a local authenticated attacker to escalate their privileges. This vulnerability highlights the need for rigorous permission checks within applications to mitigate the risk of unauthorized access and control.

Affected Version(s)

Secure Access Client 22.7R4

Secure Access Client 22.8R1

References

https://forums.ivanti.com/s/article/March-Security-Adviso...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Jan 7, 2025